Procedures are not a substitute for ethical behavior
Are procedures a substitute for responsible and ethical behavior? The behavior of former Secretary of State (and Presidential race loser) Hillary Clinton is an important example of how feeling entitled is not the exclusive domain of under 20-somethings. When we do a threat analysis of medical devices, we try to look beyond the technical security […]
Has the threat of cyberwar been grossly exaggerated?
Bruce Schneier writes that The Threat of Cyberwar Has Been Grossly Exaggerated. Not unpredictably, the essay yielded a lively discussion. I agree with Bruce, especially because of all the hype around Stuxnet. On one hand – the locals in Israel more or less know, or guess who worked on the project and on the […]
Why Pentagon cyber strategy is divorced from reality.
From the recent September/October 2010 issue of Foreign Affairs – William Lynn, U.S. Deputy Secretary of Defense, writes about defending a new domain. The long, eloquently phrased article demonstrates that the US has fundamental flaws in its strategic thinking about fighting terror: Predicting cyberattacks is also proving difficult, especially since both state and nonstate actors […]
Cultural factors in DLP
What is interesting and generally overlooked are the cultural differences between the US and the rest of the world. The Europeans prefer a more nuanced approach stressing discipline and procedures; the Americans are compliance driven and IT top heavy. I imagine if you look at DLP sales – 98% are in the US, being (right or […]
Facebook disclosure cancels raid on terrorists
I want to challenge the effectiveness of top-down, monolithic security frameworks (ISO 27001/PCI DSS) – I submit that rapidly changing threats – social networking, cyberstalking, social engineering and custom spyware – are threats that exploit people and system vulnerabilities but are not readily mitigated by a top-down set of security countermeasures. The recent case […]
Reducing risk of major data loss events
Martin Hellman (of Diffie-Hellman fame) maintains the Nuclear Risk web site and has written a very insightful piece on risk analysis of nuclear war entitled Soaring, cryptography and nuclear weapons. Hellman proposes that we need a third state scenario (instead of current state -> nuclear war) where the risk of nuclear holocaust has been […]
German homeland security
I am on an email distribution list from the Israeli Export Institute for Israeli software and security companies. The Export Institute is organizing an event for Protecting Critical Infrastructure – the event is slated to take place in Brandenburg, in Berlin-Schönefeld, 18 – 20 May 2009. I liked the use of standard security market-speak to describe the opportunity […]
The Israeli Supreme Court is a security vulnerability
I got this from my sister-in-law Judith Bedichi this morning – it was written by Dr. Guy Bechor and describes an escalation of security threats to the Jewish State of Israel. The Israeli Supreme Court is highly regarded yet clearly preferential to Israeli Arabs, with liberal rulings allowing operations of radical Islamic groups in the […]
70 years after Kristallnacht
It’s sad that on the 70th anniversary of Kristallnacht, Ehud Olmert and Tzipi Livni felt compelled to mitigate their political vulnerabilities with offers of appeasement to Palestinian terrorists. Political spin is not a sound replacement for national pride. Translated literally from the English as the Night of Broken Glass, Kristallnacht was a pogrom in Nazi […]
What do hackers want?
What do hackers really want? No question is more important for mounting effective security countermeasures. Management, IT and security practitioners cannot expect to mitigate risk effectively without knowing the objectives and cost of potential attacks on their organization. We all depend on transaction processing to run our business and make decisions, no matter how […]