The security of open source software

A conversation with a client this morning revolved around software development tool alternatives in a WebSocket environment. "Why not use Flash on the client and AMF on the server side?", the client asked. I hesitated for a moment and answered – because Adobe is proprietary and closed source and the only developers looking […]

Why Rich Web 2.0 may break the cloud

There are some good reasons why cloud computing is growing so rapidly. First of all there are the technology enablers: bandwidth and computing power are cheap. Software development is more accessible than ever. Small software teams can develop great products and distribute them world wide instantly. But cloud computing goes beyond supply-side economics and directly […]

Paying the price for peace

An exceptional post by Lilac Sigan, “Too bad it doesn’t pay to be a nice guy”, suggests that Israel may be better off in the long term in its relations with Turkey by demanding a quid-pro-quo (the Turks are demanding reparations and an official apology from Israel for boarding the now infamous Gaza flotilla boat […]

Data availability and integrity – the Apple/Microsoft version

I have over 2,300 contacts on my iPhone and like any reasonable person, I wanted to back up my contacts. I figure my iPhone won’t last forever. Like a fool, I thought it might be a good idea to test the restore process also. The Ubuntu One service based on Funambol doesn’t really work so that […]

How to assess risk – Part II: Use attack modeling to collect data

In my article – “How to assess risk – Part I: Asking the right questions”, I talked about using attack modeling as a tool to collect data instead of using self-assessment check lists. In this article, I’ll drill down into some of the details and provide some guidelines on how to actually use attack modeling […]

How to assess risk – Part I: Asking the right questions

It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process, a) don’t really understand the notion of risk and b) don’t really care. Let’s face it – risk is difficult to understand, since it […]

Run security like you run the business

Is there any conceivable reason why you should not run your security operation like you run your core business? The sales people in your firm have sales quotas and are measured by gross profit margin and collections. The people who run manufacturing and distribution have quotas for manufacturing throughput and inventory cycle times. So why shouldn’t your […]

The psychology of data security

Over 6 years after the introduction of the first data loss prevention products, DLP technology has not mainstreamed into general acceptance like firewalls. The cultural phenomenon of companies getting hit by data breaches but not adopting technology countermeasures to mitigate the threat requires deeper investigation but today, I’d like to examine the psychology of data security […]

What is security?

So what is security anyhow? Security is not about awareness. A lot of folks talk about the people factor and how investing in security awareness training is key for data protection. I think that investing in formal security awareness training, internal advertising campaigns and all kinds of fancy booklets and cards for employees is a […]

Counter cyber terrorism with social networks

The topic of offensive strategies against hackers comes up frequently and I am surprised and dismayed by the US strategies on combating cyber terror. The Americans are still thinking in a conventional warfare paradigm – in “Defending a New Domain”, William Lynn writes: It must also recognize that traditional Cold War deterrence models of assured […]