Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: InfoSec Economics

Vindication for Toyota? Proving the Negative

– In my February 16, 2010 Bloginfosec column “Negative Testing Revisited – Vehicle Control Systems (Part 1),” I describe and discuss the concerns about the software controlling the brakes on Toyota regular-engine and hybrid vehicles and Ford hybrids. The supposition was that there were…

Response to Gary Hinson

– First, you should know that I very much agree with and respect Gary Hinson’s approach to infosec. I have frequently quoted his definitive paper “Seven myths about information security metrics,” which first appeared in the July 2006 issue of The ISSA Journal, and which you can on the website…

Cloud Computing Security at Newsweek

– Daniel Lyons will publish an op-ed on the insecurity of cloud computing in Newsweek‘s February 1st, 2010 issue. The  main thrust of the article can be summarized as such: But there is one big, glaring problem with cloud computing, and it just got laid bare in Google’s recent problems…

Classy Data (pt. 3) – Ownership and Risk

– Security professionals proudly describe how they assign owners to their organizations’ data and those owners “assume the risk of any compromise of the data.” Give me a break! The owner is invariably some business-unit manager who just wants to get the job done. The manager will agree to…

DHS Security Control May Improve Airport Economy

– It turns out that banning water on airplanes may help improve the vendor economy in airports. The idea is simple. Since passengers may not carry water onto airplanes when boarding, each flight airport hop benefits because passengers need to re-purchase drinks when they land and exit the aircraft.…