Blog

Security and Risk Management Are Lovers; Don’t Mistake Them for Twins

By Rich
I’m on the plane heading back home from Symposium and have to admit I noticed a really weird trend this week. Maybe not a trend per se, but something I haven’t heard before, and I heard it more than once. In two separate one on one meetings clients told me they’d reorganized their security teams and were now calling them “risk management”. No security anymore, just risk management. I’m a big proponent of risk management. I even wrote a framework before it was cool (the Gartner Simple Enterprise Risk Management framework if you want to look

McKeay’s Right- There’s Always Someone Smarter

By Rich
Martin McKeay has a great addition to my post on experts. I’d like to add one point to this: There’s always going to be someone who knows more about the subject than you do. I don’t care how good you are, somewhere there’s someone who understands what you’re working on better than you do He’s right. Really right. I just want to know who the heck that guy at the end of the chain is. Probably some monk in the mountains with a metaphysical relationship to the OSI model.

Cybercrime- You Can’t Win Only With Defense

By Rich
I picked up the ever-ubiquitous USA Today sitting in front of my hotel room door this morning and noticed an interesting article by Jon Swartz and Byron Acohido on cybercrime markets. (Full disclosure, I’ve served as a source for Jon in the past in other security articles). Stiennon over at Threat Chaos is also writing on it, as are a few others. About 2-3 years ago I started talking about the transition from experimentation to true cybercrime. It’s just one of those unfortunate natural evolutions- bad guys follow the money, then it takes them a little bit of

Enterprise DRM- Not Dead, Just in Suspended Animation

By Rich
I just finished up my last of 4 presentations here in Orlando and am enjoying a nice PB&J and merlot here in my room. Too much travel really kills the taste buds for hotel food. Today’s presentation was on data security; the area I’ve been focusing on during my 5 years as an analyst. And when you talk about data security you have to talk about DRM. Enterprise DRM is quite different from consumer DRM, even if they both follow the same basic principles. One of the biggest differences being enterprise DRM is focused on reducing the risk

There’s a Reason We Have Security (or any) Experts

By Rich
I’m on a break here in Orlando and made the mistake of checking my work email. A coworker from another team is pushing a prediction around data security that, depending on how you interpret it, is either: Already in multiple commercial products No harder to break than existing technologies I won’t name names or even the specific proposal, but now we’re in a big internal debate since I’m fighting publication of a prediction that I think could embarrass us among security professionals. Unfortunately this person’s team is backing him/her and are really excited about

IE7 Coming This Month (Maybe as a Security Update?)- If You’re Staying on MS, Better Get It

By Rich
Over at the Washington Post, Krebs is reporting that Microsoft is releasing Internet Explorer 7 this month. At first it sounded like it might be released as a security update (part of Patch Tuesday, when Microsoft releases all their security patches every month). Now it looks like it might just be released as a regular old update. I’ve heard IE7 is pretty good, although some of the best security sauce won’t work until Windows Vista ships this year/next year/next decade/centruy/whatever. The usual advantage of IE is that it won’t break all those sites coded

SCADA- It’s Probably Cheaper to Keep Those Networks Separate

By Rich
Thanks to a missing arrival I’m blogging live from the “Analyst Hamster Maze” at Symposium in Orlando. That’s how we refer to the One-on-One area in the Swan hotel- there’s really no other way to describe about 100 temporary booths in a big conference room filled with poorly fed and watered analysts. If you’ve never been to a Gartner conference, any paying attendee can sign up for a 30 minute face to face analyst meeting for Q&A on pretty much anything. I like to call it “Stump the Analyst”, and it’s a good way for

Speaking at the Gartner Symposium

By Rich
I’m packing up my bags and heading down to Orlando for the Gartner Symposium and IT Expo. It’s a busy year, with 3 presentations and a panel: Tuesday, 8 am: Oracle, SAP, and Beyond: Securing Major Enterprise Applications Tuesday, 3:15 pm: Enterprise Risk Management, the Benefits of Risk (panel) Wednesday, 8:30 am: Content Monitoring and Filtering: Vendor Choices, User Issues Wednesday, 3:15 pm: Keeping Regulators and Customers Happy with Data Security The data and application security pitches are getting a bit stuffed and should keep you geeks happy. I think this might be my 6th Orlando Symposium, which is a bit frightening. If

Fox News, Information Warfare, and Public Perception

By Rich
Despite living in Boulder Colorado for 16 years I’m neither a hippie nor a conspiracy theorist. I don’t use patchouli oil, wear a beanie, or ingest any mood-altering substances you can’t buy in a grocery store. I don’t think the Masons control our destiny, black helicopters molest cattle, or the NSA monitors all our communications. Oh, really? Okay, but the cattle thing definitely isn’t real. Except maybe in Nebraska, but that’s not the CIA, not that there’s anything wrong with it… Anyway, what I’m saying is that I’m fairly skeptical, if a

How To: Clone a VeriChip

By Rich
For those that don’t know, VeriChips are implantable RFID tags “for people”. That way you can be tagged and tracked like cattle or Gillette razors. Convenient, I guess. Anyway, here’s a great article on the Make blog on cloning VeriChips. So much for using these to separate identical twins. I see this as one of those “good news/bad news” kind of things. The good news is the bad guys don’t have to chop your arm off to steal your identity. The bad news is VeriChips totally blow. Or is that the good news? I’m easily
Page 319 of 324 pages ‹ First  < 317 318 319 320 321 >  Last ›