Why Microsoft shops have to worry about security
I am putting together a semester-long, hands-on security training course for a local college. The college asking me for the program showed me a proposal they got from a professional IT training company for a 120 hour information security course. They are trying to figure how to decide, so they send me the competing […]
Customer security with software security
If you are an IT person, this article may be a waste of your time. But – if you are in the business of making and delivering products with software inside – read on. What threats really count for your business? No question is more important for implementing an effective security and compliance program for your […]
Giving ISO 27001 business context
ISO 27001 is arguably the most comprehensive information security framework available today. Moreover, it is a vendor neutral standard. However – ISO 27001 doesn’t relate to assets or asset value and doesn’t address business context which requires prioritizing security controls and their costs. This article discusses the benefits of performing an ISO 27001 based risk […]
Android 2.2 supports mobile cloud security
Courtesy of Cloud Computing Topics – Olafur Ingthorsson Android 2.2 is now fulfilling the minimum enterprise security requirements, i.e. device locking and remote wiping – amidst a long list of other enterprise cloud computing must-haves. It seems that with the latest Android release, v. 2.2, Google is stepping into the enterprise mobile cloud computing realm with […]
Software security assessments
In a way, every software security assessment is an exercise in software development. The first step in the software security assessment project is requirements analysis. Requirements analysis is concerned with what the system (whether it be a “traditional” application or a rich Web 2.0 application for social networking) needs to do. This involves examining the […]
Understanding culture and security
Whether you’re an account manager at Cisco, a programming geek in an Israeli startup, an expert on PCI DSS 2.0 or an industry authority on CRM; you must understand the culture in your workplace in addition to your professional skills in order to effectively manage risk and comply with regulation. If you alienate people – […]
Taking security on the offensive
I believe many people involved with IT security have a feeling of frustration that stems from continously reacting to external forces: spam attacks, spyware attacks, insider threats, analyst reports and new product announcements. Is it possible to be an information security officer and mitigate threats to confidentiality, availability and integrity of data in a proactive […]
Making security live in a performance culture
In a recent PCI seminar I attended, the speaker (who hails from the European PCI Security Council) claimed that most European businesses were in a very bad place in terms of their data security but that that the ultimate business objective is 100 percent compliance. I’ve heard similar pronouncements from industry analysts like Forrester. This is problematic for […]
Resilient security – taking the hit but walking away to tell the story
One of the principles of a bicycle helmet is that if you crash on your bike and land on your head, the helmet absorbs the force of the crash, breaks and saves your skull from fracture. You can walk away to tell the story. There is a definite analogy here in the world of data […]
Why Rich Web 2.0 may break the cloud
There are some good reasons why cloud computing is growing so rapidly. First of all there are the technology enablers: Bandwidth and computing power is cheap. Software development is more accessible than ever. Small software teams can develop great products and distribute it world wide instantly. But cloud computing goes beyond supply-side economics and directly […]
