Loading ...
BlogInfoSec.com Sponsors
BlogInfoSec.com Partners
-
Recent Comments
- Navin on Why Information Security Professionals Should Learn Texas Hold ‘em Poker
- john doe on An Analysis of the Privacy Rights Clearinghouse “Chronology of Data Breaches” and Implications for Information Security Professionls (pt. 1)
- Adam Shostack on PCI DSS Position on Patching May Be Unjustified
- Jens Laundrup on PCI DSS Position on Patching May Be Unjustified
- Kris on Medical Identity Theft: Your Money or Your Life
Tags
agility algorithms application security assessment awareness Awareness / Education awareness instruction awareness training bloginfosec Annoucements Books on InfoSec breach incidents Budgeting for Security business continunity CIA triad CISO CISO savvy CISO skills COBIT Coding Securely / SDLC Conferences / Events / Meetups contingency plans counterfeit counterfeit equipment data breaches data breach notification laws data classification digital signature disaster recovery education Encryption end-point security equipment Exploit Code / Malware facebook fake FBI featured FFIEC Forensics / Incidents FUD Theater GLBA governance government Gramm-Leach-Bliley hackers hash HIPAA honeynet honeypot identity management identity theft IDM incident Industry Commentary Information security Interviews ISACA Jobs in Information Security Johnny Long KPMG leadership Legal & Regulatory Issues malicious insider malware metrics nation states network News Commentary No Tech Hacking OWASP Patching PCI Penetration Testing perimeter Phishing Policies and Procedures Privacy Privacy Rights Clearinghouse Reverse Engineering risk risk management ROI ROSI SB 1386 Security security awareness Security Breaches self-awareness Social Engineering soft skills Solutions / Workarounds SPAM spotlight successful behaviors Tools training Uncategorized Virtual Trust Viruses / Worms vulnerability assessment Vulnerability Commentary Vulnerability Disclosure Wireless Wireless Client Wireless Discussion Wireless Security Wireless Vulnerability Discussion
Tag Archives: Legal & Regulatory Issues
Should the US Military Create a DDOS Botnet?
May 15, 2008 – 6:00 am
–
Absolutely. The military should have both defensive and offensive capabilities in electronic warfare, just as in traditional warfare. DDOS capabilities to knock attackers off-line should certainly be a priority. If one believes that it should be policy to “walk softly and carry a big…
Why security breaches are still bad for you….
March 30, 2007 – 6:53 am
–
Shostack’s paper/presentation rests on the following assumptions:
1. Security Breaches normally do not have much of an impact
2. Security Breaches increase transparency
3. Information Security Transparency is good
4. Transparency allows us to collect data which in turn allows us to create…
Be honest: What’s the value of that data you’re protecting?
March 19, 2007 – 6:58 am
–
Last night I was at a corporate dinner and met a CISCO rep. He assured me that the value was in the network. I replied that from my perspective the value is in the data. I proceeded to give him a little thought experiment: Suppose my social security number is on a hard drive and [...] …
FIRST Links to My Reputational Paper from their Website
October 11, 2006 – 6:45 pm
–
FIRST (Forum of Incident Response and Security Teams) cited my paper (here) as “old but interesting.” Hmmm… Anyone willing to collaborate on the research of stock data? I still think the general arguments hold, but I could be mistaken.
…
Apple on DRM: Its Relevance to Our Virtual Trust Paper