Cures versus Treatment

by Chandler on August 28, 2009

A relevant tale of medical survival over at The Reality-Based Community: Three years ago a 39-year-old American man arrived at the haematology clinic of Berlin’s sprawling Charité hospital. (The venerable Charité, one of the great names in the history of (…)


I’m OK When The System Works – Even If It Is A False Alarm

by alex on August 28, 2009

——————————— UPDATE:  @lbhuston gives us the dirty low down here: http://stateofsecurity.com/?p=766 ——————————— This was a test of the emergency broadcast system.  This was only a test, had this been a real change in the Threat Landscape….. You may have read (…)


Visualization Friday – Back From Hiatus

by alex on August 28, 2009

Hey all, sorry it’s been so long since I put up some eye candy.  Today’s posts come from the usual sources (flowing data and other various information design blogs) but I also wanted to point you to a new source (…)


Mike Dahn Wants to NewSchool PCI

by alex on August 26, 2009

And I couldn’t agree more. Capability and Maturity Model Creation in Information Security — PS – sorry for using “NewSchool” as a verb.

Suing Into the Box

by David Mortman on August 20, 2009

Today’s New York Times has an interesting article “A Lawsuit Tries to Get at Hackers Through the Banks They Attack” about the folks over at Unspam who are suing under the Can-Spam Act in an attempt to get the names (…)


What should the new czar do? (Tanji’s Security Survey)

by adam on August 19, 2009

Over at Haft of the Spear, Michael Tanji asks: You are the nation’s new cyber czar/shogun/guru. You know you can’t _force_ anyone to do jack, therefore you spend your time/energy trying to accomplish what three things via influence, persuasion, shame (…)


Heartland/TJX/Hannaford hacker caught

by adam on August 18, 2009

I’ve been busy and haven’t had a lot of time to dig in, but Rich Mogull has some really good articles, “Heartland Hackers Caught; Answers and Questions,” and “Recent Breaches- We May Have All the Answers.” I have two questions: (…)


Mortman/Hutton Security-BSides & Black Hat Presentation Available

by alex on August 17, 2009

Hey y’all, happy Monday morning. I’ve put Dave & my presentation for Security BSides up on slideshare: http://www.slideshare.net/alexhutton/mortmanhutton-security-bsides-presentation Also note that this includes the Black Hat presentation we gave on the (…)


Incomplete Thought: Compliance, Governance, Audit and Risk aka GRC We’re Doing It Wrong

by David Mortman on August 13, 2009

There’s been lots of discussion here and elsewhere about what’s wrong with GRC as a market and that discussion is pretty spot on. However, last week, I was chatting with Alex and it suddenly hit me that while GRC doesn’t (…)


Heartland CEO and Outrage

by adam on August 13, 2009

Bill Brenner has an interview with Robert Carr, the CEO of Heartland. It’s headlined “Heartland CEO on Data Breach: QSAs Let Us Down.” Some smart security folks are outraged, asserting that Carr should know the difference between compliance and security, (…)
