Gershwin & Stats…
by alex on October 29, 2010
I’m a nerd, yes.
TSA: Let us Take Nekkid Pics of You Or You Get “Bad Touch”
by alex on October 29, 2010
Apparently, the TSA is now protecting us so well that they make women cry by touching them inappropriately. According to (CNN Employee Rosemary) Fitzpatrick, a female screener ran her hands around her breasts, over her stomach, buttocks and her inner (…)
A Letter from Sid CRISC – ious
by alex on October 25, 2010
In the comments to “Why I Don’t Like CRISC” where I challenge ISACA to show us in valid scale and in publicly available models, the risk reduction of COBIT adoption, reader Sid starts to get it, but then kinda devolves (…)
Seriously? Are We Still Doing this Crap? (RANT MODE = 1)
by alex on October 20, 2010
These days I’m giving a DBIR presentation that highlights the fact that SQLi is 10 years old, and yet is still one of the favorite vectors for data breaches. And while CISOs love it when I bring this fact up (…)
Re-architecting the internet?
by adam on October 19, 2010
Information Security.com reports that: [Richard Clarke] controversially declared “that spending more money on technology like anti-virus and IPS is not going to stop us losing cyber-command. Instead, we need to re-architect our networks to create a fortress. Let’s spend money (…)
Call for Questions: 451 & Verizon DBIR Webinar
by alex on October 13, 2010
Hey everyone. I wanted to mention that Josh Corman of the 451 Group has graciously decided to make a webinar with me on the Data Breach Investigations Report, and has even made the webinar open to the public. So (…)
Java Security & Criminals
by adam on October 12, 2010
Brian Krebs has an interesting article on “Java: A Gift to Exploit Pack Makers.” What makes it interesting is that since information security professionals share data so well, Brian was able to go to the top IDS makers and get (…)
Society Of Information Risk Analysts (SIRA) Meeting Thursday!
by alex on October 12, 2010
HEY! SIRA Meeting on Thursday – click here for a calendar invite/reminder thingy/.ics file -> http://bit.ly/b5RKl9
In long format:
Topic: SIRA RISK OCT – SANS!
Date: Thursday, October 14, 2010
Time: 10:30 am, Eastern Daylight Time (New York, GMT-04:00)
Meeting (…)
Lessons from HHS Breach Data
by adam on October 11, 2010
PHIPrivacy asks “do the HHS breach reports offer any surprises?” It’s now been a full year since the new breach reporting requirements went into effect for HIPAA-covered entities. Although I’ve regularly updated this blog with new incidents revealed on HHS’s (…)
Fines or Reporting?
by adam on October 1, 2010
Over at the Office of Inadequate Security, Dissent does excellent work digging into several perspectives on Discover Card breaches: Discover’s reports, and the (apparent) silence of breached entities. I’m concerned that for many of the breaches they report, we have (…)