Separation of Duties: InfoSec, IT and Audit
A colleague who had the opportunity to restructure the role of his InfoSec department asked for advice about defining the roles and duties and how to make his department more effective. Being very...
Third-party code putting companies at risk
http://www.infoworld.com/d/developer-world/third-party-code-putting-companies-risk-302 This opens: The use of third-party code in applications represents a big security risk for...
Fwd: How Quality Drives the Rise and fall of hi-tech products
http://sloanreview.mit.edu/the-magazine/2011-summer/52403/how-quality-drives-the-rise-and-fall-of-high-tech-products I'm dubious. On the one hand I recall a book titled "In Search of Stupidity", which...
Does ISO 27001 compliance need a data leakage prevention policy?
On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the criteria for choosing a Data Loss Prevention mechanism. I get criticised...
OpenBSD forks, prunes, fixes OpenSSL
http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/#ftag=RSS86a1aa4 Interesting, eh? At the very least, this will apply a 'many eyes' to some of the SSL code and so long as the ssh...
14 antivirus apps found to have security problems
http://www.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die Let us pass over the "All A are B" illogic in this and consider what we've known all along. AV doesn't...
Can We Secure the ‘Internet of Other People’s Things’?
http://www.eweek.com/security/can-we-secure-the-internet-of-other-peoples-things.html I think that title expresses the problem very well. There are a few generalizations and 'skating on thin ice' in...