Security Balance

Last month, during the a exam item writing workshop for the CISSP-ISSAP certification, I got an idea about how a malicious e-mail sender could try to get a unseen by the recipient reading confirmation, including the IP address of the recipient. I was talking about S/MIME messages and I thought about the signature validation process, [...]

This is what Raffy is saying: “Some of the problems I see with Security Information Management are (the first four are adapted from the Gartner IDS press release): False positives in correlation rules Burden on the IS organization by requiring full-time monitoring A taxing incident-response process An inability to monitor events at rates greater than [...]

I was reading this: “With a goal of getting IT professionals to use standard terminology and eliminate ambiguity in expressing important risk-management concepts, the Open Group is finalizing a 50-page compendium of “risk-management and analysis taxonomy.” The Open Group Security Forum’s risk taxonomy of about 100 expressions will not only address seemingly simple words such [...]

This study from Jeff Jones blog show why the Server Core feature of Windows Server 2008 was so expected by security professionals. We can see a 40% reduction on the vulnerability numbers for a server running Windows if it was using something like Server Core. My main concern now is if software providers will enable [...]

I’m back. OK, almost. Today I spent two hours reading lots of accumulated RSS news, blog postings and others. I was glad to see that nothing very exciting happened during the last weeks, when I was moving to Toronto and wasn’t able to follow the news and post on the blog. Now my life is [...]

I know that there are ages since I wrote here last, but I’m finally putting together what I need here in Toronto and I believe that in a few days I’ll resume not only my blogging but my twitter presence. Don’t unsubscribe, dear readers!