- Notes from a Michigan Homeland Security Consortium Town Hall Meeting
On March 24, 2009, the Michigan Homeland Security Consortium hosted a panel discussion addressing Data Privacy. The panel comprised experts in the fields of encryption, law, and forensics. While the business leaders in attendance worked in different fields, they were united in their concern for the security of their core information assets.
- Invincibility vs Vulnerability
Sun Tzu's "The Art of War" offers insights into military strategy that are applicable to information security. Two salient concepts discussed in his treatise are invincibility and vulnerability. The former lies within one's own control and can be acted upon directly, while the latter depends on the actions of the opponent.
- Business Case-driven IT Security Spending
In a "Do more with less" world, we have to take a closer look at the effectiveness of our current InfoSec investments. This installment offers some ideas on how information professionals can contribute.
- Data Security Responsibility Should Not Be 'Pushed Down'
Information's increasing propensity to move out of the data center is no reason to shirk responsibility for its protection.
- A Different Approach to Infrastructure Continuity Management
This isn't for everyone, but it is a possible solution for fixed or mobile data centers located in hazardous or quickly changing operating conditions.
- Risk Mitigation Drives Breach Prevention Costs
The objective of breach risk mitigation is to raise the effort required to successfully breach a network, system, or other asset above the value an attacker would gain from a successful attack.
- 60 Minutes to cover Conficker, cyber-crime
60 Minutes will air a report on malware Sunday. It will cover Conficker but also raise awareness about the larger legal issues allowing cyber crime to flourish in countries such as Russia.
- The Internet is broken, take 2. Another big Internet bug at Black Hat?
Black Hat Europe organizers are promising another blockbuster disclosure that will be "as important as Dan Kaminsky's DNS research from the summer."
- Diebold says hackers put Trojan on Russian ATMs
Diebold is warning its Opteva ATM customers worldwide after criminals in Russia installed malicious software and devices on some of the company's ATMs.
- A Day in the Life of a Risk Analyst – A Short Story (based upon a true story)
We don’t know what we don’t know. We know of some things we don’t know. The company really seems like it doesn’t want to know.
- What Grinds My Gears - Poorly Written Code Still Driving Vulnerabilities
Can you imagine if code was written poorly for NASA and the Space Shuttle program? Sorry astronauts, no oxygen today due to a coding buffer overflow. My apologies but we just wanted to get this out the door fast and all the features and use cases for the app work just fine so what’s your beef!?!
- Usama Bin Laden (UBL) new video on the Champions of Somalia urging them to fight on.
Beware of institutions that have been infiltrated by infidels and who do not represent our beliefs, even though they claim to be focusing directly on Egypt and the Kingdom of Saudi Arabia.
- Back to Basics - Back to Ethics
What happened in Washington DC (city) government under Yusuf Acar as CSO over the past few years? Almost everyone involved in government technology in the nation, along with a few others in the FBI, want to find out the answer to that question. What we do know is that Vivek Kundra, President Obama's brand-new, first ever, federal CIO has taken a leave of absence. Could this very talented leader be in serious trouble? This blogger hopes not. But one lesson is already clear - Web 2.0, Government 2.0, Cloud Computing, or any other techno-savvy change must be built on a foundation of rock solid professional cyber ethics.
- Prevalent Plagiarism
Excuses for plagiarism don't surprise people anymore. If a high school junior proclaimed, "I did it because my hard drive crashed," most would shrug it off as a young mistake and tell them to not let it happen again. But what about plagiarism from well-known scientists? Harold Garner, an expert on scientific plagiarism, said, "It's just too easy to cut and paste these days." What's going on here?
- The Role of Bloggers in the New Economy
The new OMB director starts a blog while news organizations world-wide announce layoffs. What's going on? Is this the new normal? As the world recession deepens, the traditional role played by reporters continues to change. News organizations around the world are in financial trouble, and there are far fewer reporters. Oftentimes, remaining staff are asked to stay home for weeks without pay. Meanwhile, the number of bloggers continues to grow, as content moves online. Whether this is a good or bad development depends on your viewpoint. What is not in doubt - this trend is impacting government information flow, security and risk. Here's why.
- Essentials of Non-Disclosure Agreements
Following on with our discussion of best contracting practices, this week we discuss the essential elements of non-disclosure agreements (NDAs). NDAs are used in several situations. Most notably, NDAs are used at the inception of a relationship to ensure confidential information disclosed in anticipation of a potential business relationship is adequately protected. If the parties decide to enter into a final contract, say a professional services agreement, following their initial discussions, the NDA would be replaced by the confidentiality provisions of the final agreement. In the foregoing example, an NDA is used as an interim agreement to ensure initial discussions are protected by written confidentiality obligations, but the NDA is not intended or designed to be used on an ongoing basis. Rather, the parties contemplate the NDA will "sunset" when they ultimately sign a final agreement to govern their relationship (e.g., a master license agreement, ASP agreement, professional services agreement, etc.).
- Minimizing Risks Associated With Residual Data on Hardware
In just the past week, two embarrassing data compromises were widely publicized. Those compromises resulted from a failure to adequately scrub old hardware (e.g., laptops, Blackberries, and USB drives) of residual data. Given the currency of this issue, I thought it appropriate to take a slight detour from my current series of postings on contract issues to present some sample contract language to address this problem.
- Letters of Intent and Memoranda of Understanding
Continuing our discussion of best contracting practices, today we discuss letters of intent (“LOIs”) and memoranda of understanding (“MOUs”). Businesses use these types of documents to summarize the terms of a proposed transaction to guide contract negotiations. The idea is to ensure both parties have alignment on the key business issues before moving forward with negotiation of a final agreement. The idea is a good one, but the execution is frequently flawed.
- Facebook joins OpenID foundation
The identirati are all abuzz about Facebook joining the OpenID board.
- PayPal joins the OpenID Foundation
The OpenID Foundation announced today that PayPal has joined their board. At first blush, this may not
- Microsoft adds to their identity ranks
It seems that everywhere you turn these days, all you hear about is lay-offs. Heck, even Microsoft is laying off people.
- NSA doesn't want to run cybersecurity
NSA Director calls for better cyber security
- DLP Revisited
This November, CSO held its Executive Seminar on Data Loss Prevention in New York City. Here is a recap of the event.
- The best-laid plans of mice and men sometimes go for naught
You can invest years in protecting the integrity and resiliency of your business...and then along comes something out of left field and you're ruined...just ask Indymac Bank.
- Recent Moves: Ruhl Joins The Capital Group
New Director of IT Risk Management
- Recent Moves: Kent Adds Duties at Genzyme
Biotech company broadens view of operational risk
- Recent Moves: Cancilla Promoted at Baker Hughes
CSO moves up
- As Companies Close - What Happens to the Files - Yes that is your social security number sitting there
What is going to happen to all the confidential data left behind?
- Olympics - Forensic Files?
Is nothing safe from forensics? It seems everything can be found out!
- This Could Happen To You
I'm just glad this wasn't me