Killed by code – back to the future

I hope that the code in your digital therapeutic for treating autistic children doesn’t look like this. Back in 2011, I thought it would only be a question of time before we saw a drive-by execution of a politician with an ICD (implanted cardiac device). On Jan 9, 2017, the FDA reported in an FDA Safety […]

The valley of death between IT and information security

IT is about executing predictable business processes. Security is about reducing the impact of unpredictable attacks on your organization. In order to bridge the chasm, IT and security need to adopt a common goal and a common language: a language of customer-centric threat modelling. Typically, when a company (business unit, department or […]

Credit card shims

Using shims that fit into the ATM and read your mag stripe data has been around for a while. It’s a good way to get the track 2 data, but it won’t get your PIN (which, if you are in Europe and the Middle East, is part of the VISA chip-and-PIN security […]

How to assess risk – Part II: Use attack modeling to collect data

In my article “How to assess risk – Part I: Asking the right questions”, I talked about using attack modeling as a tool to collect data instead of using self-assessment checklists. In this article, I’ll drill down into some of the details and provide some guidelines on how to actually use attack modeling […]

The problem of security information sharing

In a previous post, Sharing security information, I suggested that fragmentation of knowledge is a root cause of security breaches. I was thinking about the problem of sharing data loss information this past week and I realized that we are saturated with solutions, technologies, policies, security frameworks and security standards – COBIT, ISO27001 etc. The […]

7 tips to improve security in a tough economy

Are you waiting for the next Gartner Security Report, making plans to evaluate some technology your CEO might not approve after she slashes your funding and maybe your job? As a security professional, you can blame hackers, buggy software and the economy, or you can do something different. “Life is what happens to you […]