This is an information security blog, but it’s also an opportunity to talk about an important cause. Please, take some time to donate (even one dollar) to the victims of the earthquake in Haiti:
RED CROSS: www.redcross.ca
WORLD VISION CANADA: www.worldvision.ca
UNICEF: www.unicef.ca
SALVATION ARMY: www.salvationarmy.ca
MÉDECINS SANS FRONTIÈRES: www.msf.ca
I received an e-mail from (ISC)2 about their new social network website. I tried to use it, but I got the following message:
Sorry, an error has occured.
You must be an (ISC)2 member and have JavaScript enabled in order to access the InterSeC Website.
Please enable JavaScript in your browser, log back into the Member Website, and try [...]
I’m ashamed that my blog has many more of these posts than it should, but yes, this is another one. I haven’t been posting anything here for some time; life has been a little more demanding than usual for other “stuff”. My dog is quite sick (that’s expected for a 17 year old dog, isn’t it?) [...]
It was written some weeks ago by Stuart King. I love it. Two key points for me:
“Many “experts” preach the importance of working through risk models. It’s a load of tosh. No matter which way you try to do it, you’ll always come out with the answer you first thought of. You might as well [...]
That’s Google’s motto; however, there is really some room for thinking after watching the presentation from Ira Winkler. The most interesting thing is not only the huge amount of data that Google has, but their posture on inquiries and complaints about it. Still, they are usually seen as a “cool” company. As Ira said, what [...]
I must say that I should be writing ten times more than I’m actually doing these days. The main reason is that the subjects that I’ve been interested in writing about are so great that I don’t want to just throw a simple post about them. I’m trying to give some room to my thoughts [...]
Don’t you hate it when you are reading what should be an independent article and suddenly the author starts to describe a solution to a problem with a list of stuff that “happens to be” just like the features of his company’s product? The guy is writing about processes and suddenly you find stuff like “a [...]
Mike Rothman made me LOL very, very hard today with this post about McAfee’s attempt to say that compliance is not a cost center. Mike is completely right in saying that many have tried to do that and it didn’t work, mostly because yes, it is essentially a cost. Most of the demonstrations of security as a [...]
I’m usually ranting here about the usage of statistics, risk metrics and other quantitative approaches (such as ROI) to support security decisions. Well, there is a small but very smart comment from Lindstrom regarding some of “our” arguments against those methods. I completely agree with him. That’s why this blog is named “Security Balance”; it’s my [...]
It has started to become a rule in security programs to have security solutions/processes implemented following the 80/20 “Pareto principle”. That’s pretty acceptable, except for the fact that people immediately forget the remaining 20% and keep in their heads that the risk is completely mitigated. You start to see those cases piling up, absurd “no risk” situations [...]