Debugging security
There is an interesting analogy between between debugging software and debugging the security of your systems. As Brian W. Kernighan and Rob Pike wrote in “The Practice of Programming” As personal choice, we tend not to use debuggers beyond getting a stack trace or the value of a variable or two. One reason is that it is […]
10 guidelines for a security audit
What exactly is the role of an information security auditor? In some cases, such as compliance by Level 1 and 2 merchants with PCI DSS 2.0, external audit is a condition to PCI DSS 2.0 compliance. In the case of ISO 27001, the audit process is a key to achieving ISO 27001 certification (unlike […]
Getting managers out of denial
Maybe you have a manager in denial? I know the feeling -the absence of effective risk controls for data security often start with denial of vulnerabilities. Here is a true story: …I’m not concerned about data theft. We’ve outsourced our entire IT operation to a big bank’s data center and they’re up to speed on […]
