Will Full Autonomy Ever Be Realized?

Matt Novak of Gizmodo posted an article on April 30, 2021 with the title “Elon Musk Shares Painfully Obvious Idea About the Difficulty of Self-Driving Cars.” Novak quotes an April 29, 2021 Tweet by Elon Musk, as follows: “A major […]

Inadequate Cybersecurity

It is customary to begin an article on cybersecurity with statements about huge increases in threats and attacks and mounting cyberspace losses from fraud, identity theft, ransoms, data exfiltration, blackmail, etc. Few who confront cyber issues daily question such assertions, but there are some who say “prove it!” But, when you delve into it, proving […]

Featured Articles

The CIA Triad: Theory and Practice

Recently published an article by Warren Axelrod entitled, It’s About Availability and Integrity (not so much Confidentiality). It appears that the article …

6 Theories of Probability and 6 Reasons Why They Matter to ISRA

While probably everyone would agree that information security risk analysis (ISRA) is shot through with appeals to probability, very few non-academic discussions of ISRA provide …

Decision Theory is the Foundation for Information Security Risk Management

Disclaimer: I originally wrote the following text as a post to a mailing list in 2005, but it still seems applicable today. The more I read the writings of various information …

H1N1 Threat Overblown? Information Security Relevance? A Logic Proof

“H1N1 was totally overblown. Nothing really terrible happened. No one suffered a pandemic and the resulting deaths were less in number than the deaths from the regular …

Network Solutions “Hacked Account” Demonstrates Incompetence

When in doubt, claim the account was hacked. That appears to be the reasoning of a Network Solutions Technical Support Representative. Normally I do not write about other …

US Drones Hack: It’s The Same Old Story

CNN reports that Iraqi insurgents were able to hack and view live feeds from US Spy Drones. The vulnerability was a non-technical one. The article summarized the issue as thus: …

DHS Security Control May Improve Airport Economy

It turns out that banning water on airplanes may help improve the vendor economy in airports. The idea is simple. Since passengers may not carry water onto airplanes when …

Video: Hard Drives – Watch Them Shred

While it’s the dream of almost every information security department to send their hard drives off to the shredder to destroy sensitive data, few of us have actually …

Being Evil versus Doing Harm

Mea culpa. … Craig Heath rightly states that the Google motto is “Don’t be evil” and not “Do no harm,” as I had misquoted in my column …

Google Doing Harm

As we all know, Google’s motto is (was?) “Do no harm” … which, it appears, they took directly from the modern version of the physician’s Hippocratic …

New Massachusetts Regulation Has Significant Implications for Information Security Professionals

This year, the Commonwealth of Massachusetts enacted a regulation that prescribes information security policies and practices quite unlike those required in any previous state or …

Passwords – Déjà Vu All Over Again

With due credit to Yogi Berra, I found myself groaning “not again” when reading Randall Stross’s article “Goodbye, Passwords. You Aren’t a Good …

Security and Audit – BFFLs? Maybe not, but…

…we may have lots of reasons to work together more closely. Maybe it is just the luck of the draw that at almost every employer for the last 15 years, I have been the one …

What is Russell Handorf’s Secret?

Russell Handorf seems to have a secret that has been withheld from the ten other contributors to bloginfosec. Russell himself may know this secret, although it’s quite …

Down the PCI Rabbit Hole in Search of Better Risk Measurements

Decision-making is often a product of risk assessment and prioritization. Currently, I have several deliverables pending for work, a carpentry project at home and this article …

Recent Articles

Will Full Autonomy Ever Be Realized?

Inadequate Cybersecurity

Will Ransomware Cause the End of the Internet as We Know It?

Will AI Short Circuit Cybersecurity?

Cybersecurity Lessons from the Pandemic: Hubris

Cybercrime’s Dark Triad

Cybersecurity Lessons from the Pandemic: Getting Lucky

Malicious vs. Malevolent Software Programs

Cybersecurity Lessons from the Election: Human Behavior

Solar Winds Blow Hard

CISA and Desist

Cybersecurity Lessons from the Pandemic: Protection

Cybersecurity Lessons from the Pandemic: Prevention

Cybersecurity Lessons from the Pandemic: Avoidance

Cybersecurity Lessons from the Pandemic: Plans, Exercises and Warnings

Cybersecurity Lessons from the Pandemic: Perception of Risk

Cybersecurity Lessons from the Pandemic – Positive and Negative Feedback

The Massive Shift to Cyber Crime

Cybersecurity Lessons from the Pandemic: Models and Predictions

The Demise of the Internal Datacenter and Consequential Risks

Cybersecurity Lessons from the Pandemic: Metrics and Decision-Making

Cybersecurity Lessons from the Pandemic: Data – Part 2

Cybersecurity Lessons from the Pandemic: Data – Part 1

Outsourcing, Supply Chains and (National) Security

Value and Uncertainty in Pandemic Metrics

Surveillance, Privacy and Trust

Security Risks during Recovery and Repair

Truth, Trust and Cybersecurity Risk

Cybercriminals’ Motivations during Catastrophic Times

Cybersecurity Risk Management … Beyond the “Golden Period”

The Burisma Hack … Cyberwar or Not?

Another Boeing Software “Glitch”

Y2K … Two Decades Later

The FS-ISAC at Twenty

The Cyber Tipping Point—Are We There Yet?