Why Rich Web 2.0 may break the cloud
There are some good reasons why cloud computing is growing so rapidly. First of all there are the technology enablers: Bandwidth and computing power is cheap. Software development is more accessible than ever. Small software teams can develop great products and distribute it world wide instantly. But cloud computing goes beyond supply-side economics and directly […]
How to assess risk – Part I: Asking the right questions
It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process, a) don’t really understand the notion of risk and b) don’t really care. Let’s face it – risk is difficult to understand, since it […]
Run security like you run the business
Is there any conceivable reason why should not run your security operation like you run your core business? The sales people in your firm have sales quotas and are measured by gross profit margin and collections. The people who run manufacturing and distribution have quotas for manufacturing throughput and inventory cycle times. So why shouldn’t your […]
The psychology of data security
Over 6 years after the introduction of the first data loss prevention products, DLP technology has not mainstreamed into general acceptance like firewalls. The cultural phenomenon of companies getting hit by data breaches but not adopting technology countermeasures to mitigate the threat requires deeper investigation but today, I’d like to examine the psychology of data security […]
What is security?
So what is security anyhow? Security is not about awareness. A lot of folks talk about the people factor and how investing in security awareness training is key for data protection. I think that investing in formal security awareness training, internal advertising campaigns and all kinds of fancy booklets and cards for employees is a […]
Are we glorifying the attackers and prosecuting the victims?
With all the media noise about Stuxnet, cyber war and cyber terror, I proposed taking a closer look at how we relate to the players. Whether uber hackers or PLO terrorists; are we glorifying the attackers at the expense of prosecuting the victims? In data security I don’t subscribe to utilitarian ethics (which attempts to […]
How to improve your data security in 3 steps
How to protect your systems, your most sensitive data, avoid malware infections and never have a single minute of downtime due to malware. Run Ubuntu Get your services in the cloud Practice safe computing.
Has the threat of cyberwar been grossly exaggerated?
Bruce Schneier writes that The Threat of Cyberwar Has Been Grossly Exaggerated Not unpredictably – the essay yielded a lively discussion, I agree with Bruce – especially because of all the hype around Stuxnet. On one hand – the locals in Israel more or less know, or guess who worked on the project and on the […]
The case for a guild of security consultants
The notion of a security consultant guild is a seductive idea. Promoting quality, defining service levels and enhancing professional standing are good things, but there is a red ocean of professional forums so – I would not just jump in and start a guild. Just take a look at forums like LinkedIn and Infosec Island […]
Why the Europeans are not buying DLP
It’s one of those things that European-based information security consultants must ask themselves at times – why isn’t my phone ringing off the hook for DLP solutions if the European Data protection directives are so clear on the requirement to protect privacy? The central guideline is the EU Data Protection Directive – and reading the […]
