Would Bill C-285 outlaw BlackBerry in Canada?
http://www.itworldcanada.com/a/Daily-News/03b813a2-f13b-4c3e-9494-ae9064f25da3.html “When they outlaw X only criminals will have X” … for many values of the members of the set of Y. There’s the old...
Throwing in the towel
I was saddened to hear of an InfoSec colleague who met with overwhelming frustration at work: After two years of dealing with such nonsense, I was forced to resign within two months of discovering a...
The Need to Understand Culture
Some references for “The 11th Domain” I’m going to respond to this as broadly as possible. This is not a subject like “access control” that is hard and bound. First, there’s Human Communication....
Arrogant? Who? Us?
http://blogs.csoonline.com/problem_3_for_security_professionals_not_enough_humble_pie?source=CSONLE_nlt_update_2010-01-12 Talk about difficult to read! I hate sites like this, only slightly more than...
Career Insights from Stephen Northcutt, CEO of SANS
http://www.bankinfosecurity.com/articles.php?art_id=2914 Fascinating. I get a lot of enquiries from wannabes who, as they put it, want to “break into security“. I presume they see it as more...
Black Swan: “levels only experienced on average once every 500 to
http://news.discovery.com/earth/megastorm-californias-other-big-one.html Just in the last 15 years, since microwave technology aboard satellites produced images of water vapor in the atmosphere,...
Are *YOU* ready to give up yet?
Apparently (ISC)2 did this survey … which means they asked the likes of us …....
Security and efficiency
You gotta love the low-tech solution. It’s really never NOT about people, is it? Darn tooting right! It’s always people. Any way you look at it. Which is why I go on about The 11th Domain. Why the CBK...
He’s not Ian Paisley
I was at a presentation yesterday. One of the vendor’s speakers, I’m sorry to say, was a CISSP. OK, he wasn’t Ian Paisley or any other radical religious zealot. BUT he was hectoring us and telling us...
Economic Impact: Patent trolls chase app developers out of the U.S
http://www.linuxfordevices.com/c/a/News/Kootol-joins-Lodsys-as-a-patent-troll/?kc=LNXDEVNL072111 The Debt ceiling crisis will pass; even if there is a crash, the USA can recover from it … IF its core...
Upside and downside: How I hate Journalists
http://compliancesearch.com/compliancex/insider-trading/senate-votes-to-ban-insider-trading-by-its-members/ And this doesn’t actually stop them from making use of ‘insider information’ they just have...
Social Engineering and sufficiency of awareness training
Someone asked: If you have a good information security awareness amongst the employees then it should not be a problem what kind of attempts are made by the social engineers and to glean information from...
Tight budgets no excuse for SMBs’ poor security readiness
http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the left hand doesn’t know what the right hand is doing department: Ngair Teow Hin, CEO of SecureAge,...
Learning to Counter Threats – Skills or Ethics?
Fellow CISSP Cragin Shelton made this very pertinent observation and gave me permission to quote him. The long thread about the appropriateness of learning how to lie (con, ‘social engineer,’ etc.) by...
An “11th Domain” book.
http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herrold makes elsewhere: Awareness training is important. I go slightly...
The #1 Reason Leadership Development Fails
http://www.forbes.com/sites/mikemyatt/2012/12/19/the-1-reason-leadership-development-fails/ I wouldn’t have thought, based on the title, that I’d be blogging about this, but then again one can get fed...
The Truth About Best Practices
An article on Linked entitled "The Truth about Practices" started a discussion thread with some of my colleagues. The most pertinent comment came from Alan Rocker: I'm not sure whether to quote "Up the...
Most CEOs clueless about cyberattacks
http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21 Perhaps that's cynical and pessimistic and a headline grabber, but then that's what...
Should all applicable controls be mentioned in documenting an ISMS?
In my very first job we were told, repeatedly told, to document everything and keep our personal journals up to date. Not just with what we did but the reasoning behind those decisions. This was so...
Cyber, Ciber or Syber?
Occasionally, people do ask: What exactly do you mean by “cyber security”? Or “cyber” for that matter. Please explain. “Steersman Security”? It seems to be one of those Humpty-dumpty words that the...