Initial Thoughts on the 2009 Verizon DBIR

by David Mortman on April 15, 2009

Last night, the fine folks at Verizon posted the 2009 version of the DBIR.  I haven’t had time to do a full deep dive yet, but I thought I’d share my initial notes in the meantime. Stuff in italics is (…)

Read the rest of this entry »

How to be Cyberscary

by Chandler on April 15, 2009

The intersection of cime and technology is a fascinating place.  Innovation of fraud, theft, and industrial espionage is occurring at a phenomenal pace and is producing no shortage of real problems that Information Risk and Security professionals need to be (…)

Read the rest of this entry »

Events don’t happen in a Vacuum

by adam on April 14, 2009

Several commenters on yesterday’s post brought up the excellent point that its hard to talk about outcomes when you think you haven’t had any incidents. (“Consider the bank that had no attempted robberies this year”) Are you right? With a (…)

Read the rest of this entry »

Security is about outcomes, not about process

by adam on April 13, 2009

Nearly a decade ago Bruce Schneier wrote “Security is a process, not a product.” His statement helped us advance as a profession, but with the benefit of hindsight, we can see he’s only half right. Security isn’t about technology. Security (…)

Read the rest of this entry »

Microsoft Security Intelligence Report

by alex on April 9, 2009

The Microsoft SIR was released 4/8 and is available for download here.  Some of the interesting stuff they put in graphs is from the Open Security Foundation’s OSF Data Loss Database (http://datalossdb.org).  Among the interesting things in the Microsoft SIR: (…)

Read the rest of this entry »

New School Bloggers Speaking Today

by alex on April 8, 2009

So I apologize for short notice.  Hopefully the webmaster will get in gear and put up an event calendar or something, but here are a couple of events you might want to attend today that New School Bloggers are speaking (…)

Read the rest of this entry »

Cyber-Spies!

by alex on April 8, 2009

The WSJ has an article up today about how the Russians and Chinese are mapping the US electirical grid.  What I thought was more interesting was the graph they used (which is only mildly related to the article itself). If (…)

Read the rest of this entry »

Hello World?

by alex on April 7, 2009

Thanks for stopping by The New School of Information Security Blog.  We’re very “beta” right now, and anticipate having everything ready by the RSA conference (the week of the 17th).  If you’d like to see some recent content by our (…)

Read the rest of this entry »