Archive for 'Quick comment'

Haiti

This is an information security blog, but it’s also an opportunity to talk about an important cause. Please take some time to donate (even one dollar) to the victims of the earthquake in Haiti:
RED CROSS: www.redcross.ca
WORLD VISION CANADA: www.worldvision.ca
UNICEF: www.unicef.ca
SALVATION ARMY: www.salvationarmy.ca
MÉDECINS SANS FRONTIÈRES: www.msf.ca

Shouldn’t it be a “security professional friendly” website?

I received an e-mail from (ISC)2 about their new social network website. I tried to use it, but I got the following message:
Sorry, an error has occured.
You must be an (ISC)2 member and have JavaScript enabled in order to access the InterSeC Website.
Please enable JavaScript in your browser, log back into the Member Website, and try [...]

One of those “quick updates”…

I’m ashamed that my blog has many more of these posts than it should, but yes, this is another one. I haven’t been posting anything here for some time; life has been a little more demanding than usual for other “stuff”. My dog is quite sick (that’s expected for a 17 year old dog, isn’t it?) [...]

It’s a rant, but it’s so good

It was written some weeks ago by Stuart King. I love it. Two key points for me:
“Many “experts” preach the importance of working through risk models. It’s a load of tosh. No matter which way you try to do it, you’ll always come out with the answer you first thought of. You might as well [...]

Do no evil?

That’s Google’s motto; however, there is really some room for thinking after watching the presentation from Ira Winkler. The most interesting thing is not only the huge amount of data that Google has, but their posture on inquiries and complaints about it. Still, they are usually seen as a “cool” company. As Ira said, what [...]

Too much good content on the blogosphere

I must say that I should be writing ten times more than I’m actually doing these days. The main reason is that the subjects that I’ve been interested in writing about are so great that I don’t want to just throw a simple post about them. I’m trying to give some room to my thoughts [...]

“Independent” articles

Don’t you hate it when you are reading what should be an independent article and suddenly the author starts to describe a solution to a problem with a list of stuff that “happens to be” just like the features of his company’s product? The guy is writing about processes and suddenly you find stuff like “a [...]

Security: cost center

Mike Rothman made me LOL very very hard today with this post about McAfee’s attempt to say that compliance is not a cost center. Mike is completely right in saying that many had tried to do that and it didn’t work. Mostly because yes, it is essentially cost. Most of the demonstrations of security as a [...]

from the other side

I’m usually ranting here about the usage of statistics, risk metrics and other quantitative approaches (as ROI) to support security decisions. Well, there is a small but very smart comment from Lindstrom regarding some of “our” arguments against those methods. I completely agree with him. That’s why this blog is named “Security Balance”, it’s my [...]

Pareto is killing security

It has become the rule in security programs to implement security solutions/processes following the 80/20 “Pareto principle”. That’s pretty acceptable, except for the fact that people immediately forget the remaining 20% and keep in their heads that the risk is completely mitigated. You start to see those cases piling up, absurd “no risk” situations [...]