Initial Thoughts on the 2009 Verizon DBIR

Last night, the fine folks at Verizon posted the 2009 version of the DBIR.  I haven’t had time to do a full deep dive yet, but I thought I’d share my initial notes in the meantime. Stuff in italics is from the DBIR, regular text is me: 81 percent of organizations subject to PCI DSS [...]

How to be Cyberscary

The intersection of crime and technology is a fascinating place.  Innovation of fraud, theft, and industrial espionage is occurring at a phenomenal pace and is producing no shortage of real problems that Information Risk and Security professionals need to be learning about and addressing.  Unfortunately, the noise coming from journalists in this space is so [...]

Events don’t happen in a Vacuum

Several commenters on yesterday’s post brought up the excellent point that it’s hard to talk about outcomes when you think you haven’t had any incidents. (“Consider the bank that had no attempted robberies this year”) Are you right? With a bank, it’s pretty easy to see most robberies. What’s more, we have the FBI showing [...]

Security is about outcomes, not about process

Nearly a decade ago Bruce Schneier wrote “Security is a process, not a product.” His statement helped us advance as a profession, but with the benefit of hindsight, we can see he’s only half right. Security isn’t about technology. Security is about outcomes, and our perceptions, beliefs and assurance about those outcomes. Here’s a quick [...]

Microsoft Security Intelligence Report

The Microsoft SIR was released 4/8 and is available for download here.  Some of the interesting stuff they put in graphs is from the Open Security Foundation’s OSF Data Loss Database (http://datalossdb.org).  Among the interesting things in the Microsoft SIR: Good old theft and losing equipment, when combined, still beats the sexier categories hands down. [...]

New School Bloggers Speaking Today

So I apologize for short notice.  Hopefully the webmaster will get in gear and put up an event calendar or something, but here are a couple of events you might want to attend today that New School Bloggers are speaking at. First, David Mortman is giving “The Mortman Briefing:  Metrics for the Real World” over at [...]

Cyber-Spies!

The WSJ has an article up today about how the Russians and Chinese are mapping the US electrical grid.  What I thought was more interesting was the graph they used (which is only mildly related to the article itself). If I’m reading this correctly, the DHS is claiming that there were just under 70,000 breaches [...]

Hello World?

Thanks for stopping by The New School of Information Security Blog.  We’re very “beta” right now, and anticipate having everything ready by the RSA conference (the week of the 17th).  If you’d like to see some recent content by our authors, I had a recent post on the Verizon/Cybertrust blog about the PCI DSS and [...]