Subscribe:
RSS feed
-
Follow
Following
Already have a WordPress.com account? Log in now.
At most places ( that I came across so far) the sea of log files produced by usually talkative IT infrastructures was still used in just a rudimentary fashion (if at all) for diving into it and retrieving information intelligence to be used for InfoSec analysis and management. The problem The security management team is desperately looking for […]
August 21, 2011
Communication is the lifeblood to do business – and email is still the lifeblood for communication. Out of the box email of even the newest software and systems is not digitally signed. When looking at the advantages the use of digital email signatures theoretically has (sender authenticity, message integrity, communication transaction non-repudiation) one should think it should […]
July 10, 2011
In the meeting rooms of Evonic Industries, a German company specialized in chemicals, one can nowadays always find empty cookie cans. Not because Evonic managers are particular affectionate about sweets, but because they are supposed to put their cell phones into the cans when discussing confidential matters. The measure is one of the many instructions […]
June 21, 2011
Is the arrival of the (Google) Chromebook the arrival of a business class Thin-Client-for Cloud-Computing? Now, the Thin-Client concept is anything but new, and thin clients are actually an endpoint-security dream for the InfoSec Manager. Application as well as OS vulnerability based attack vectors against thin clients are minimal compared to those of a “fat” […]
June 3, 2011
This May, Microsoft released some interesting reports: the Microsoft Security Intelligence Report Volume 10 (SIR v10) and the Microsoft Malware Protection Center (MMPC) Threat Report. The latter, a follow up to the 2010 special report on Battling Botnets, focuses on Qakbot, a rootkit based stealth-mode backdoor that steals sensitive user data from infected machines. SIRv10 […]
May 14, 2011
Compliance The need to be compliant to this or that is one of the rare principles that are relatively easy to sell to the board. Confusion, however, usually kicks in as soon as the scope of the compliance has to be decided on. By that, I do not mean the scope of the compliance criteria […]
May 10, 2011
An important lesson learned from dealing with an organization-wide Information Security Awareness program: train the supervisor, or more precisely: train the supervisors first ! Let’s face it: if you are not Google, Amazon or a financial player, chances are high that your senior management has a rather vague idea of information security areas and what […]
May 8, 2011
The Privacy Commissioner of Canada recently published a report called Report on the 2010 Office of the Privacy Commissioner of Canada’s Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing. There are two laws in Canada dealing with privacy protection: The Privacy Act and PIPEDA, the Personal Information Protection and Electronic Documents Act. While the Privacy […]
April 28, 2011
Now, it is a kind of a must to comment on the recent Hacking of the Sony PlayStation Network (SPN). The scope and numbers are staggering. 77 million customer’s personal information got compromised, and we are talking about every detail a customer had to give away when registering with the Sony service (and Sony asked for a […]
RealLifeISM 
September 19, 2011
0