Friday, October 31, 2008

Fun Reading on Security AND Compliance – 9

Instead of my usual “blogging frenzy” machine gun blast of short posts, I will just combine them into my new blog series “Fun Reading on Security.” Here is issue #9, dated October 30th, 2008. BTW, I am renaming it to “Fun Reading on Security AND Compliance.”

  1. “A Gartnergate?” What happened after Mr Pescatore uttered his now famous 12 words: “The best security program is at the business with the happiest customers.” This (complete with Gunnar’s famous “firewalls+SSL” chart), this; I will add more as this snowballs.
  2. Do you have an “ignorable” security policy? If yours is BOTH “ignorable” and “unfair”, then fuggedaboutit. Cisco survey kinda proves it. A few fun comments are here (“If people can't get their jobs done without having to find a way to circumvent policy then the policy is wrong.”)
  3. Risk and clouds – here, here, here and here in poetic form (!). Fun reading, but you know what? For many, many organizations, what they have today is LESS secure than any future cloud computing advance…
  4. Richard Bejtlich drop-kicks SIEM too, then kicks it in the balls. Then kicks the dead horse (1, 2, 3).
  5. Excellent reminder about why people don’t care about security with a fabled quote from MJR (yes, it is my fave too!) Overall, Rich “reassures” with: “Don’t worry. When things get bad enough, we’ll get the call. If you’ve kept your documentation and communications up, you won’t get shafted with the proverbial short end.”
  6. A few essays on risk, from ANSI, from Schneier and from BlogInfoSec (part 1 and part 2, especially read part 2)
  7. So, what do CTOs really do every day? Interesting summary here and here.
  8. Fun exploration of security x privacy x compliance.
  9. Burton Group opines on which security technologies will fare better/worse during “The crisis.”
  10. A really fun interview with our CEO Philippe Courtot here.
  11. More on IT vs IT security, this time from Richard.
  12. Do you want people like that doing “security”? A normal call center employee recognizes fraud, but their so-called “outsource security dept” authorizes the scam. Niiice.
  13. Finally, “Robots Hunt 'Non-Cooperative Humans' in Army Plan” No comment :-)


Dr Anton Chuvakin