Category Archives: Auditing
BSIMM – Top Ten Surprises
May 26, 2009 – 6:00 am
In a prior column, I described the results of a survey conducted by Gary McGraw, Sammy Migues and Brian Chess published in the BSIMM (Build Security In Maturity Model) report available at http://bsi-mm.com/. Most of the results are intuitively obvious … after the fact, that is. But some…
Security and Audit – BFFLs? Maybe not, but…
November 21, 2008 – 6:00 am
…we may have lots of reasons to work together more closely. Maybe it is just the luck of the draw that at almost every employer for the last 15 years, I have been the one to manage our audit relationships, but I am certainly suspicious my good fortune is other than divinely inspired. …
The Misleading Nature of Schneier’s Security Mindset
April 10, 2008 – 6:00 am
Recently Bruce Schneier wrote an essay on the Security Mindset. In it he wrote: "Security requires a particular mindset. Security professionals — at least the good ones — see the world differently. They can't walk into a store without noticing how they might shoplift. They…"
Reflections on Passwords: Cracking and Log Analysis
August 22, 2007 – 6:00 am
This post on Emergent Chaos caused me to reminisce a bit. Back in the day, one of my responsibilities was password auditing (cracking). Unlike many other password auditors, I was internal to the company, not an external auditor. I knew the people whose passwords I was cracking. In addition,…
Slashdot Post On Security Ethics Demonstrates Professional Naiveness