Brainwashed by propaganda?

I decided to update this post – after the security theater of the week with the Palestinians and Israelis – as if Israel really needs the Palestinians to recognize Israel as a Jewish State and as if not building a few houses is going to give the Palestinian leaders a reason to stop terror and […]

When defense in depth fails – two deadly sins

Defense in depth is a security mantra, usually for very good military security and information security reasons. However – defense in depth may be a very bad idea, if your fundamental assumptions are wrong or you get blinded by security technology. The sin of wrong assumptions In the defense space – we can learn from […]

Truth in security packaging

We have come here this evening to fulfill two obligations that we have to the American family. We are here to defend truth and we are here to avoid tragedy. I asked a colleague recently about the hype so prevalent in the information security industry and he answered that by now – most of his […]

Will you be left holding the bag?

Introduction Where data security decision making is concerned, the PCI DSS and HIPAA regulatory requirements are more striking for what they leave unsaid than for what they say. They do tell you what an auditor would look for in determining the level of your systems’ data security. However, the security checklists don’t enable you to […]

The case for a guild of security consultants

The notion of a security consultant guild is a seductive idea. Promoting quality, defining service levels and enhancing professional standing are good things, but there is a red ocean of professional forums so – I would not just jump in and start a guild. Just take a look at forums like LinkedIn and Infosec Island […]

Why the Europeans are not buying DLP

It’s one of those things that European-based information security consultants must ask themselves at times – why isn’t my phone ringing off the hook for DLP solutions if the European Data protection directives are so clear on the requirement to protect privacy? The central guideline is the EU Data Protection Directive – and reading the […]

Will smart phones replace credit cards?

A recent post “Can smartphones replace credit cards” wonders whether or not consumers are ready to trade in their plastic for their cell-phone. Mobile payment technology has been around for about 10 years and it has not really taken off in a big way – although there are niche applications. In Tel Aviv for example, […]

Why Pentagon cyber strategy is divorced from reality.

From the recent September/October 2010 issue of Foreign Affairs – William Lynn, U.S. Deputy Secretary of Defense, writes about defending a new domain. The long, eloquently phrased article demonstrates that the US has fundamental flaws in its strategic thinking about fighting terror: Predicting cyberattacks is also proving difficult, especially since both state and nonstate actors […]

Windows USB vulnerabilities reign supreme

In an article to be published Wednesday August 26, 2010 discussing the Pentagon’s cyberstrategy, Deputy Defense Secretary William J. Lynn III says malicious code placed on a removable drive by a foreign intelligence agency in 2008 uploaded itself onto a network run by the U.S. military’s Central Command – source: Washington Post “That code spread […]