One of the biggest issues with security awareness is knowing what it is you are trying to achieve. It’s not enough to just run an awareness program – you have to be trying to drive an outcome. Over a period of time I have defined in my own head a kind of CMM for security… Continue Reading CMM for Security Awareness?
I was doing some reading on the distribute.it hack and stumbled onto a reference to a Risky Business podcast on probablistic risk assessments. It’s a great argument as to why risk assessment does not work well in the information security space. The basic thesis is you can’t assign a probability to a serious attacker. … Continue Reading Commentry on Probablistic Risk Assessments
I read No pic, no fly plan for airports in The Age yesterday with a small amount of dismay. It’s always frustrating to see security measures that seem to be more about the appearance of security rather than the reality, and which will negatively impact the users (or travellers in this case). I’m really not… Continue Reading Airport Security – More Window Dressing?
Very belatedly I’ve been looking into the Stuxnet worm. Interesting new world we find ourselves in. This thing was surgical – not only damaging the equipment but hiding its footsteps. The question you have to ask though is if this is the one we know about – how many are out there that we don’t?
Network World have an interesting article based on a Forrester research report on iPhone and iPad security, arguing it’s good enough for most cases.
Read an interesting article Gartner: Companies shouldn’t bother banning Facebook, social networking this morning around Gartner’s security guy Andrew Walls and his view on the value of blocking social media. I tend to agree with his argument that security people risk loosing credibility if they keep saying these sites are dangerous when people use them… Continue Reading Interesting pitch by Gartner on social media
It’s interesting to watch the changing attitude to patching on workstations. I’m probably a bit behind the eight ball on this stuff – patching has never been a favorite subject of mine (I get frustrated with the amount of time and effort patching can take up with no real visible value created). But what’s interesting… Continue Reading Workstation Patches – Going the Way of AV Updates
And this is interesting as well. The old question of how do you know the person you are talking to online is who you think they are. Although you gotta ask – why would anyone just hit accept on a friend request from someone they didn’t know? Education in this space just has to get… Continue Reading And another thing about Facebook
I’ve been following the whole Facebook privacy saga with great interest. It’s good to see that Facebook are about to put in some fixes. Some would argue a little too late – but then the business of Facebook is about dealing in people’s private information, so I would have been surprised if they jumped to… Continue Reading What really scares me about social media
I was reminded this week about just how bad complexity is for security people. And the problem is complexity is getting worse in our networks. Virtual systems have a lot to answer for here I reckon. I firmly believe that the first question any person should ask when running up a virtual system should be… Continue Reading Virtualisation Complexity – why did we do this to ourselves?