Ehud Barak, information leaks and political activism
What do Anat Kamm, Ehud Barak and Meir Dagan have in common? Ehud Barak is the current Israeli Minister of Defense, former IDF Chief of Staff and former Prime Minister who led the disastrous withdrawal from Lebanon that fomented Intifada II and then Lebanese War II. Barak is famous for quotes like “If I was a Palestinian, I […]
Monica Bellucci and Security
Trends – security and movie stars, Manuela Arcuri and Monica Bellucci, Verisign and McAfee. Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations. But, information security is also a lot like fashion with cyclical […]
Build management and Governance
Don’t break the build. There is absolutely no question that the build process is a pivot in the software quality process. Build every day, don’t break the build and do a smoke test before releasing the latest version. This morning, I installed the latest build of an extremely complex network security product from one of […]
Security is in the cracks
Yesterday I spent most of the day re-installing one of the workstations in the office with Ubuntu 11.10. I like what I saw, but the Unity interface is not my cup of tea so I installed Gnome – what they call Classic Ubuntu. In principle I shut down as many operating services as I can […]
The political power of social media
Clay Shirky writes on Foreign Affairs this week: Arguing for the right of people to use the Internet freely is an appropriate policy for the United States, both because it aligns with the strategic goal of strengthening civil society worldwide and because it resonates with American beliefs about freedom of expression. By switching from an […]
Disaster recovery planning
This article describes a plan and implementation process for disaster recovery planning. The secret to success in our experience is to involve the local response team from the outset of the project. Copyright 2006 D.Lieberman. This work is licensed under the Creative Commons Attribution License. The disaster recovery plan is designed to assist companies in […]
What is the best way for a business to prevent data breaches?
Let’s start with the short version of the answer – use your common sense before reading vendor collateral. I think PT Barnum once said “There is a sucker born every minute” in the famous Cardiff Giant hoax (although some say it was his competitor, Mr. George Hull). Kachina Dunn wrote how Microsoft got security […]
Security sturm und drang – selling fear.
“Sturm und Drang is associated with literature or music aiming to frighten the audience or imbue them with extremes of emotion”. The Symantec Internet Security Threat Report is a good example of sturm und drang marketing endemic in the information security industry. Vendors like Symantec sell fear, not security products, when they report on “Rises on Data […]
Ten steps to protecting your organization’s data
Here are 10 steps to protecting your organization’s privacy data and intellectual property. As a preface, begin with the understanding that you already have all the resources you need. Discussions with colleagues in a large forensics accounting firm that specializes in anti-fraud investigations, money laundering and anti-terror funding (ATF), confirm what I’ve suspected for a […]
Security and the theory of constraints
Security management is tricky. It’s not only about technical controls and good software development practice. It’s also about management responsibility. If you remember TOC (Theory of Constraints, invented by Dr. Eli Goldratt about 40 years ago) there is only 1 key constraint that limits system (or company) performance to achieve its goal. So – what […]