Archive for the “Uncategorized” category

Learning Lessons from Incidents

by adam on March 3, 2017

After the February, 2017 S3 incident, Amazon posted this: We are making several changes as a result of this operational event. While removal of capacity is a key operational practice, in this instance, the tool used allowed too much capacity (…)

Seeing the Big Picture

by adam on December 12, 2016

This quote from Bob Iger, head of Disney, is quite interesting for his perspective as a leader of a big company: There is a human side to it that I try to apply and consider. [But] the harder thing is (…)

Transparency: When Security Pros Get Popped

by David Mortman on January 7, 2014

Rich Mogull over at Securosis (N.B. I’m a contributing analyst there) has a great post on how, due to human error, some of his AWS credentials got nabbed by some miscreants and abused. We here at the New School love (…)

Updated WordPress

by adam on June 26, 2013

Please let us know if you see anything strange

Celebrating 5 Years of New School: 40% off!

by adam on April 10, 2013

Thanks to Addison Wesley, who are offering 40% off the book. Apply code NEWSCHOOL40 to get your discounted copy. (You apply the code after proceeding to checkout.)

By looking for evidence first, the Brits do it right

by Russell on April 9, 2013

As it happens, both the US Government and the UK government are leading “cyber security standards framework” initiatives right now. The US is using a consensus process to “incorporate existing consensus-based standards to the fullest extent possible”, including “cybersecurity standards, (…)

New School Thinking At Davos

by adam on March 22, 2013

This week I have experienced an echo of this pattern at the 2013 WEF meeting. But this time my unease does not revolve around any financial threats, but another issue – cyber security. … [The] crucial point is this: even (…)

On Disclosure of Intrusion Events in a Cyberwar

by adam on January 12, 2013

[This guest article is by thegrugq. I’ve taken the liberty of HTML-ifying it from his original, http://pastie.org/5673568.] On Disclosure of Intrusion Events in a Cyberwar The Nation State’s guide to STFU In a cyberwar (such as the ongoing events on (…)

New School Thinking at the European Union

by adam on January 3, 2013

I was pretty excited to see this: An EU official said the aim of the report was to get companies to be more open about cyber attacks and help them fend off such disruption. “We want to change the culture (…)

Information Security Risk: A Conversation with CSO

by adam on December 17, 2012

Earlier this month, I spoke with Derek Slater: In early 2008, Adam Shostack and Andrew Stewart released the book The New School of Information Security. And they launched a blog in support of the book and its message. I wondered (…)