Speed is everything

If you think everything is under control, it certainly is not going fast enough. Mario Andretti, Formula 1 driver. I saw this quote today and I was reminded of a takeaway from Andy Grove’s book – “Only the paranoid succeed”. […]

Mafia country, counterfeiting currency

Back in the late 70s when I was a grad student in physics I gave a paper in Pisa and then in Bari. The differences between Pisa and Bari were very clear – Pisa – Northern Italy, very European and industrialized; Bari – South of Italy, very agricultural and very Mediterranean – the one thing that […]

Fraud, energy derivatives trading

Fraud has become a big issue in energy derivatives trading. A former Bank of Montreal (BMO) natural gas trader pled guilty in November 2008 to intentionally mismarking trades, resulting in over $800 million of fraud-related trading losses. The interesting part in the item on EmpireStateNews.Net was that the natural gas trader pleaded guilty to […]

Houston, we have a problem

Are you like the rest of the lemmings? Most companies we know don’t have the faintest idea of what’s going on inside the corporate network. Once the company management discovers that almost all their employees cc company documents to their gmail accounts so they can access the data at home – it becomes […]

Security Leadership

Gas prices may go down and electricity may get cheaper – but in 2009, most of us will have less money to spend and our clients will be tough on pricing and orders. For information security and compliance professionals it is the time to find, implement and enforce cost-effective security countermeasures. BUT HOW?

Agency Accidentally Posts Social Security Numbers Online

I think the expression is – “the road to hell is paved with good intentions”. I got wind of this data breach event from the IS Alliance. As reported by WFTV Orlando – Social Security numbers for 250,000 people were posted online by mistake, and a state agency is facing serious questions about why it […]

The death of risk assessment

We saw the movie “Blood Diamonds” last night; the way some companies practice IT risk management reminds me of TIA – “This is Africa”. Joseph Granneman talks about some of the problems with conventional IT risk assessment on Searchsecurity.com: Risk assessment, as currently practiced in information security, is dead. I’m not saying we need to […]

Compliance that makes us complacent

I’m surprised with the blood bath in the financial markets and demise of WaMu, Lehman Brothers et al – that there has not been a cry to investigate the auditors of these companies. Did any of the SOX-compliant firms like AIG and Lehman Brothers really comply? I don’t think so. What should have happened if […]

Compliance franchise or real security

I’ve been saying for a long time now that compliance standards like PCI DSS 1.2 have created a marketing franchise for auditors instead of improving security. Empirical evidence of the past 2 years suggests that compliance focuses on meeting auditor requirements instead of assuring actual security of your systems and customer data assets. Here’s an […]

The physics of risk assessment

Quantity or quality – that is the question! There is a great deal of debate between the supporters of quantitative risk assessment and the supporters of qualitative risk assessment in the security and compliance business. The qualitative people say that since it is impossible to estimate risk as an absolute number such as “87 percent […]