Why Stuxnet was developed by the Israelis

Who developed Stuxnet? Was Stuxnet developed by the Israeli Sigint unit 8200, or was it a group of Americans, Germans and Israelis working in collaboration? There has been a flurry of articles about Stuxnet in the Israeli papers, speculating on the source of the Stuxnet worm and discussing if this is the beginning of cyber […]

Are security professionals allowed to care about money?

A psychiatrist summed up what may be the gut-level issue that plagues everyone who charges for services. He quoted an old Russian proverb: “The doctor is an angel when he tenders his cure and a devil when he tenders his bill.”

Truth in security packaging

We have come here this evening to fulfill two obligations that we have to the American family. We are here to defend truth and we are here to avoid tragedy. I asked a colleague recently about the hype so prevalent in the information security industry and he answered that by now – most of his […]

Will you be left holding the bag?

Introduction Where data security decision making is concerned, the PCI DSS and HIPAA regulatory requirements are more striking for what they leave unsaid than for what they say. They do tell you what an auditor would look for in determining the level of your systems’ data security. However, the security checklists don’t enable you to […]

The case for a guild of security consultants

The notion of a security consultant guild is a seductive idea. Promoting quality, defining service levels and enhancing professional standing are good things, but there is a red ocean of professional forums, so I would not just jump in and start a guild. Just take a look at forums like LinkedIn and Infosec Island […]

Why the Europeans are not buying DLP

It’s one of those things that European-based information security consultants must ask themselves at times: why isn’t my phone ringing off the hook for DLP solutions if the European data protection directives are so clear on the requirement to protect privacy? The central guideline is the EU Data Protection Directive, and reading the […]

Why Pentagon cyber strategy is divorced from reality

In the recent September/October 2010 issue of Foreign Affairs, William Lynn, U.S. Deputy Secretary of Defense, writes about defending a new domain. The long, eloquently phrased article demonstrates that the US has fundamental flaws in its strategic thinking about fighting terror: Predicting cyberattacks is also proving difficult, especially since both state and nonstate actors […]

Private social networking for healthcare

I think we’re rapidly approaching a point in time where people will pay for privacy. I know that after a super-hot month of August with the house full of kids chain-watching Ratatouille, I would pay someone for some privacy. The privacy controls that governments are attempting to impose on social media and the technical safeguards that […]

Why security defenses don’t prevent data breaches

Assuming you knew why a data breach will happen, wouldn’t you take your best shot at preventing it? Consider this: your security defenses don’t improve your understanding of the root causes of data breaches, and without understanding the root causes, your best shot is not good enough. Why is this so? First of all […]