Archive for 'ROSI'

The security decision making WAVE!

I’m starting a Wave on Google Wave to build a collaboration piece on security decision making. Please send me your contact if you want to participate.
It starts like this:

Security decision making
Dear security friends,
I’ve been planning for a long time to work on a paper/presentation about security decision [...]

Attack Vector Risk Management

I read this post from Michael Dahn and I really liked what he called “Attack Vector Risk Management”. Today I saw that the guys from Sensepost also noted the post for the same reasons, and even showed some of their work under the same concept, calling it “Corporate Threat Modeling”.
During the last months my main [...]

Still on “security as a cost”

Lawrence Pingree, from McAfee, was kind enough to comment on my post about his post on McAfee’s blog on “security not being a cost”. Well, I must say that what he expressed in that comment didn’t change my mind at all.
As he said, security can be an enabler. I understand this statement as saying that it [...]

Security: cost center

Mike Rothman made me LOL very very hard today with this post about McAfee’s attempt to say that compliance is not a cost center. Mike is completely right in saying that many had tried to do that and it didn’t work. Mostly because yes, it is essentially cost. Most of the demonstrations of security as a [...]

Gunnar Peterson and security budget

This post from Gunnar Peterson about security budgets is extremely interesting. The comparison that he suggests between security budgets and IT budgets is a very good way to detect misconceptions about security needs and alignment between the IT strategy and the security strategy.
However, it’s important to mention that some network solutions can solve problems that [...]