Some Quick Items of Interest

  • I plan to follow up yesterday’s discussion about modeling, applying it specifically to security metrics and showing how the right model defeats FUD, tomorrow (or at least later this week). In the meantime, I have about half a dozen things I thought you might like to see.

    Some I’ve put up on the Magnolia group here, so check those out.


    It’s become haute counter-culture these days to find issues with OSX (or anything Apple puts out). This is fine; Microsoft deserves a break or two. But if all the cool kids are doing it, I’m the kind of guy who wants to do the opposite of what the cool kids are doing, and my friend Brent Huston is praising Apple for fixing a bug he was verifying. That one won’t be picked up by the New Zealand Herald, I guarantee.


    Is out here. This one has been influenced by our friend Rob Newby as heavily as he possibly could. That man’s sweat, love, and tears are in the article, so do check it out, and drop by Rob’s site to thank him for his effort. I also found this on Beau Wood’s blog about the article.

     Cryptographic Strength Provably Random Number Generator

    If that phrase means anything to you, you may want to check out what my friends Aaron and Dan are up to. If that phrase excites you, seek help, or self-medicate by contributing to the project; I’m sure they won’t mind.


    Rebecca Herold has an article on ISO 27001 et al. on her excellent blog, here. What I thought was interesting was this quote by John DiMaria, “a product manager at BSI Management Systems, a consulting company that helps organizations meet international certification standards”:

        “The U.S. has the most laws for security and privacy but the most security breaches of any country in the world.”

    …DiMaria “blames this [more breaches in the U.S. than elsewhere] on American companies’ fragmented approach to security.”

    I would love - LOVE - to hear your thoughts on this quote; do comment if you have the time (and ability). If your company forbids posting to blogs, you can always send me email at alex ::at::, and I’ll be glad to post it for you anonymously.


    That’s right: use a web site to SSH. I’m really not sure how I feel about this.


    This one’s in the Magnolia bookmarks, but I really enjoyed Chris Hoff’s post here, so I thought I’d call it out. I personally believe that everything, market innovation included, follows a wave-like pattern. Maybe we’re just in a “valley” right now.


    First, if you’re a “foodie” and you watch Top Chef or Anthony Bourdain’s No Reservations, you’ll want to be sure you follow Tony’s Top Chef Blog.

    Second, if you’ve ever dealt with top info/UI/UE designers, you’ll find this (SFW, but it is YouTube, so caution) to be funny.



    1. Rob Newby Aug 14

      I was sweating anyway…

      What about those guys at Chaos-in-Motion though! I don’t think they understand what Risk actually means… Are they in Security? Who is David Southwell?

      I’m still with you on shutting her piehole.

      The latest article is still weak, but at least it tries to make amends. The fact remains that security isn’t as cool as crime.

      One last-ditch attempt to get a message across for the faint of brain, however: WE DO NOT disagree with the WSJ article because it gives people ideas; we CAN cope with users doing this stuff. This is not the point.

      If you take ONE thing from this, make it this: The problem is the message that this article sent to much of corporate America, that it’s OK to ignore the rules and have a go at getting around them. Yes we could have stopped everything she talks about, but really, encouraging it is very irresponsible.

      And anyone who’s thinking of criticising Alex again can come through me first. I will shut your piehole for you…

    2. Chris Aug 22

      “U.S. has the most breaches”

      Prove it.

      What? You say you have virtually no data on breaches outside the U.S.? Well, that means they either do not exist, or the data stinks. Given that believing the former causes the proffered argument to be circular, the onus is on the gent making the assertion to substantiate it. He can’t, and the reason he can’t is that he (and we) lack the data.
