Measuring ROI for DMARC

by nsadmin on October 17, 2018

I’m pleased to be able to share work that Shostack & Associates and the Cyentia Institute have been doing for the Global Cyber Alliance. In doing this, we created some new threat models for email, and some new statistical analysis (…)

Read the rest of this entry »

GAO Report on Equifax

by nsadmin on October 12, 2018

I have regularly asked why we don’t know more about the Equifax breach, including in comments in “That Was Close! Reward Reporting of Cybersecurity ‘Near Misses’.” These questions are not intended to attack Equifax. Rather, we can use their breach (…)

Read the rest of this entry »

Does PCI Matter?

by nsadmin on October 9, 2018

There’s an interesting article at the CBC, about how in Canada, “More than a dozen federal departments flunked a credit card security test:” Those 17 departments and agencies continue to process payments on Visa, MasterCard, Amex, the Tokyo-based JCB and (…)

Read the rest of this entry »