Loading ...
BlogInfoSec.com Sponsors
BlogInfoSec.com Partners
-
Recent Comments
- Navin on Why Information Security Professionals Should Learn Texas Hold ‘em Poker
- john doe on An Analysis of the Privacy Rights Clearinghouse “Chronology of Data Breaches” and Implications for Information Security Professionls (pt. 1)
- Adam Shostack on PCI DSS Position on Patching May Be Unjustified
- Jens Laundrup on PCI DSS Position on Patching May Be Unjustified
- Kris on Medical Identity Theft: Your Money or Your Life
Tags
agility algorithms application security assessment awareness Awareness / Education awareness instruction awareness training bloginfosec Annoucements Books on InfoSec breach incidents Budgeting for Security business continunity CIA triad CISO CISO savvy CISO skills COBIT Coding Securely / SDLC Conferences / Events / Meetups contingency plans counterfeit counterfeit equipment data breaches data breach notification laws data classification digital signature disaster recovery education Encryption end-point security equipment Exploit Code / Malware facebook fake FBI featured FFIEC Forensics / Incidents FUD Theater GLBA governance government Gramm-Leach-Bliley hackers hash HIPAA honeynet honeypot identity management identity theft IDM incident Industry Commentary Information security Interviews ISACA Jobs in Information Security Johnny Long KPMG leadership Legal & Regulatory Issues malicious insider malware metrics nation states network News Commentary No Tech Hacking OWASP Patching PCI Penetration Testing perimeter Phishing Policies and Procedures Privacy Privacy Rights Clearinghouse Reverse Engineering risk risk management ROI ROSI SB 1386 Security security awareness Security Breaches self-awareness Social Engineering soft skills Solutions / Workarounds SPAM spotlight successful behaviors Tools training Uncategorized Virtual Trust Viruses / Worms vulnerability assessment Vulnerability Commentary Vulnerability Disclosure Wireless Wireless Client Wireless Discussion Wireless Security Wireless Vulnerability Discussion
Tag Archives: Industry Commentary
The Misleading Nature of Schneier’s Security Mindset
April 10, 2008 – 6:00 am
–
Recently Bruce Schneier wrote an essay on the Security Mindset. In it he wrote:
Security requires a particular mindset. Security professionals — at least the good ones — see the world differently. They can’t walk into a store without noticing how they might shoplift. They…
California Wildfires and Data Back-ups
December 6, 2007 – 6:00 am
–
It looks as though business continuity and off-site data backups / storage are being introduced to the consumer rather than just corporate entities.
The wildfires in California have something to do with this…
So when I hear about fires in southern California, or hurricanes in the southeast,…
Why I no longer report website vulnerabilities that I stumble upon…
November 19, 2007 – 6:00 am
–
I wrote this in July 2007 but decided against publishing it at the time. In July, I felt that I did not have a significant, publicly known case to help make the argument legitimized. The Dan Egerstad case prompted me to change my opinion.
—-
There was a time that if I found a vulnerability…
Linus Torvalds: Security a matter of opinion
October 3, 2007 – 6:00 am
–
I found this on Slashdot. It points to an article here.
Here is Torvalds on security:
“Schedulers can be objectively tested. There’s this thing called ‘performance’, that can generally be quantified on a load basis.
“Yes, you can have crazy ideas in both schedulers…
CIO: The Next Career Step After Being The CISO? Why Not?