Decade after decade, politics moves from regulated economies to de-regulated economies. Changes are usually triggered by “unpredictable events” (in political speak). We are almost certainly about to go into a period of heavy government regulation of the financial services industry, where “unpredictable events” or “failure” in plain English is blamed on inadequate regulation. [...]
Archive for the 'Certification' Category
Tenets of Effective BPM
February 28, 2008
It’s no real secret what I am doing at Microsoft, although I haven’t really blogged about it much. I do plan to start in the coming weeks with some long posts about platforms, information security BPM, applying business management techniques to the information security discipline, dashboards and business intelligence, etc.
Before I do that and hot [...]
Notes from a Big Island
October 24, 2007
I am currently on my way back (this post was started on a plane) from a superb two weeks in Redmond meeting with my team and other folks in various parts of Microsoft. There is just so much cool stuff going on and in the plans that it’s hard to know where to start. I’ll [...]
Notes from Helsinki
October 2, 2007
When you have a choice between reindeer steak or beef steak on your menu, you know you are in Finland! I like Finland, it’s great. Really nice people and a lovely coastal environment. At this time of year, for someone who still lives in the South of France, it is a little cold!
I [...]
The Ticking Time Bomb – PCI Application Security
September 25, 2007
A while back I wrote a blog post called Lets call a Fig a Fig about the limitations of web application firewalls and the sheer ludicrousness of a security standard offering an alternative of choosing a code review or a web application firewall.
This morning I was reading an excellent post by Chris Eng about [...]
Ambiguous Security Standards
September 4, 2007
Some security standards make statements that are ambiguous. One example is the PCI DSS, which says “only necessary ports should be open”. The default effect of this ambiguous statement is for all sites to legitimately claim that all open ports are necessary, and everyone passes. “The Remote Desktop Protocol is necessary to remotely manage the [...]
More Long Tail Security Thoughts
August 13, 2007
Judging by the blog stats, readers have been enjoying my Trends for Information Security and Long Tail of Information Security (Part 1 and Part 2) posts earlier this week. A few people have mailed me off-line asking for clarifications and suggesting ideas. Having thought about the questions raised and fired off answers (with various degrees of thought) [...]
The Long Tail of Information Security (Part 2)
August 5, 2007
My last post, The Long Tail of Information Security (Part 1), described why I think information security exhibits Long Tail economic characteristics, outlined the three forces of long tail markets and discussed the first, democratization of tools for production. The intent is to provide an insight into what the future of information security may look [...]
The Long Tail of Information Security (Part 1)
August 4, 2007
I have just finished reading The Long Tail by Chris Anderson (editor of Wired). It is brilliant and the best book I have read in several years. It’s in the same class as Freakonomics and The Tipping Point. I highly recommend anyone who reads my blog reads The Long Tail if they haven’t already done [...]
Trends in Information Security
August 4, 2007
I found myself thinking some “big sky” thoughts about trends in information security recently. Here they are.
- The Business of Information Security
- The Internet Economy
- Governance, Risk and Compliance
- The Hunt for the Information Security Bullet is Ending
- The Whole Solution Movement
- Convergence and Integration
- The World is Flattening
The Business of Information Security
As the new breed [...]