The death of risk assessment

We saw the movie “Blood Diamonds” last night; the way some companies practice IT risk management reminds me of TIA – “This is Africa”. Joseph Granneman talks about some of the problems with conventional IT risk assessment on Searchsecurity.com: Risk assessment, as currently practiced in information security, is dead. I’m not saying we need to […]

The credit crunch, Cisco and Nortel

I was talking with my friend Gennady Weizman yesterday about the medium-term (as in the next 6-18 months) impact of the current financial markets crisis on the tech market. Most of our business is in the telecom industry, so I have an interest in whether our clients will have money to spend. It appears […]

Risk management – bringing brick and mortar security to IT

I was talking with a prospect yesterday who is an information security manager; extremely professional and creative at what he does. In the course of the conversation, I realized that there are fundamental differences in mentality between IT and security practitioners. Back when I wrote COBOL/CICS applications for Tadiran Information Systems, some of our […]

The danger of losing your digital assets in a down market

Any information security professional will tell you that security countermeasures comprise people, processes and technology. The only problem is that good security depends on stable people, processes and technology. A stable organization undergoing rapid and violent change is an oxymoron. People countermeasures are a mix of security awareness training, background checks (at a […]

Operational risk is not a bad business decision

I was looking at the CSI 2008 security survey recently and noticed that the top three loss categories are fraud (number 1), viruses (number 2) and data loss (number 3). I’m a little dubious about viruses landing up in the number 2 slot. We haven’t even installed anti-virus software on our office workstations in the […]

Technology innovation is not enough

This week, I met with one of my former clients who has done some innovative work in the digital media space. They are a typical tech company with typical problems that create typical opportunities for larger companies to buy them out for peanuts. This particular company operates in a difficult and competitive market with long […]

Solaris and real-time Java for embedded systems?

It’s always interesting to see if industry analysis stands the test of time, like Dana Gardner (formerly with the Yankee Group, now with Interarbor Solutions) who told Internetnews.com back in 2004 that “Solaris may find fertile ground in the embedded space with a combination of real-time Java and the Solaris operating system”. Hmm. Now there’s […]

Seven software development mistakes not to make in 2009

One thing that is burnt into my personal flash memory from 7 years at Intel is working on Plan 2009 in September/October. This time of year, I start thinking about how we can survive and grow the business. We all like to think we learn from mistakes; however, recent experiences reminded me that the software […]

Credit card security franchise available

Just saw a post from a month ago by Jeremiah Grossman from White Hat Security on his blog, “PCI-DSS references the outdated OWASP Top Ten”. There are actually a number of more serious technical issues with PCI DSS 1.1 than using the OWASP Top 10 from 4 years ago. Note the definition of vulnerability management […]