Category: Business and Security

Cyber Risk being disclosed in SEC filings

A June 8 Bloomberg Businessweek article noted that publicly traded companies have started including the “material risk” of computer attacks in their SEC filings. It is interesting to see major companies admit that the threat of targeted attacks can affect the bottom line. In what will undoubtedly become the trend in risk reporting [...]

Tuesday June 15th, 2010 in Business and Security | No Comments »

Evolution of Policy Management

Policies, procedures, guidelines, standards. Most organizations have these in some form or another, but how the organization manages these important “documents” is quite telling. The Story Teller: These organizations rely on word of mouth. People just “know” what the procedure is or what they are “supposed” to do. Just like nomadic tribes passing down their [...]

Wednesday June 2nd, 2010 in Business and Security | No Comments »

Thousands of Businesses had an Uneventful Day

I guess that headline wouldn’t sell too many papers, but in most cases this is the reality that drives many decisions about information security investment. For most executives the sky isn’t always falling, and a security team that tries to operate under that premise is soon thought of as the Boy Who Cried Wolf. [...]

Thursday May 27th, 2010 in Business and Security | No Comments »

New CyberSecurity Coordinator points to private sector solutions

Once again I find myself liking White House Cybersecurity Coordinator Howard Schmidt’s approach, even if I think his position is weakened by its placement, authority, etc. In a Bill Brenner article today on CSOonline, Schmidt says the defense against the wide range of threats, including coordinated attacks, is best led from the private [...]

Wednesday April 7th, 2010 in Business and Security, National InfoSec | 1 Comment »

NJ Supreme Court impacts privacy expectation

The New Jersey Supreme Court recently ruled that a company shouldn’t have read an ex-staffer’s private e-mails even though they were sent from her employer’s computer (NorthJersey.com article). It is an interesting ruling that will certainly change some thinking about personal use of work computers. While I’m a proponent of privacy rights, I’m torn on this particular [...]

Fail to plan, plan to fail… incident response preparation

Consider this: a review reveals that an application or database that processes and stores customer information, including personally identifiable information, has been compromised. What are you going to do? Many organizations fail to plan for a compromise and, unfortunately, often exacerbate the damage while attempting an “on the fly” response to an incident. The absolute worst [...]

Thursday March 25th, 2010 in Business and Security | No Comments »

Be an Agile Defender

Anti-virus software is based on signatures of known viruses. It is a reactive product by nature, and it should be known by now that these products are ineffective against new viruses and new variants. That said, why test AV products against attacks they haven’t seen and then make a stink about it in a ComputerWorld article? [...]

Back to Basics

I just read an article, “Basic security measures do wonders”, and it drove home a point that seems to have been lost amid the inundation of terms such as “CyberWar” and “Advanced Persistent Threat”. While we spend a lot of time implementing new technologies or applying frameworks, we sometimes forget that applying the basics and using [...]

“Jargon” follow-up: InfoSec and the MBA

Nomenclature is simply a way to name the things used in communication. Every profession has its own taxonomy that allows it to understand and identify “things” specific to its area of expertise. This has a downside: those outside “the club” have difficulty understanding the terms and principles that come naturally to [...]

Wednesday February 24th, 2010 in Business and Security | 2 Comments »

The Cyber Maginot Line

Between 1930 and 1940, France built a massive system of defenses known as the Maginot Line. Designed to stop a German invasion, history illustrates its failure: the 1940 German invasion of France skirted the Maginot Line, swiftly penetrating through the Ardennes by way of Belgium. I’m not a historian and there are [...]

Thursday January 28th, 2010 in Business and Security | 2 Comments »