Instead of my usual "blogging frenzy" machine gun blast of short posts, I will just combine them into my new blog series "Fun Reading on Security." Here is an issue #5, dated June 11, 2008.
- Another fun (and horrible) laptop theft story, to be shown to those naive souls who say "ah, just stolen for hardware"
- Very fun dailydave thread on security future (sad, of course :-)) - here is an excerpt: "The complexity in security is not from any complexity in technology but the complexity in motivating people to truly care about security and act accordingly."
- Prediction markets for security? Fun idea!
- "Elevator pitch for explaining security risks to executives" by Lenny Zeltser @ SANS.
- "In Praise of the Information Security Checklist."
- A great WAF battle rages on (here and in many other places). PCI + June 30 + 6.6 + WAF = BOOM!
- How do you protect from IT admins "going bad?" Separate data and infrastructure (easier said than done, for sure). Another related one is "Staff more dangerous than hackers."
- Curious about PCI DSS compliance outside the US? Read this and this. Yes, it is pretty bad.
- "Terminating an employee with privileged access" from SANS (scroll to bottom)
- An interesting view on sad state of academic research in information security.
- Useful reminder to many people pushing silly/useless security solutions: while you are doing this, your organization is losing 6% of revenue to fraud. Today. Every day. Fraud checklist is linked there as well.
- Rich on "consumerization" of IT. Good stuff. You are ready for it, aren't you? More on this subject.
- Obviously, you are reading Mike R mid-year grades for his predictions. One that failed in the most spectacular fashion (grade "D") is also an instructive read.
- Really good post on security vs risk management. Just read it.
- Matasano launches a GRC solution :-)
- After "security idiot" became "an official meme", it didn't take long for SecurityIdiot.com to launch with much fanfare! If you are still wondering how to misspell "SOX" go there... the mystery is answered.
See you next time!