Archive for the 'Certification' Category
February 28, 2008
It’s no real secret what I am doing at Microsoft although I haven’t really blogged about it much. I do plan to start in the coming weeks with some long posts about platforms, information security BPM, applying business management techniques to the information security discipline, dashboards and business intelligence etc.
Before I do that and hot [...]
Categories: ACE Team, Certification, Compliance, Dashboards, Information Security Economics, Microsoft, Security Industry, Visualization
Comments: 1 Comment
October 24, 2007
I am currently on my way back (this post was started on a plane) from a superb two weeks in Redmond meeting with my team and other folks in various parts of Microsoft. There is just so much cool stuff going on and in the plans that it’s hard to know where to start. I’ll [...]
Categories: ACE Team, Certification, Compliance, Information Security Economics, Microsoft, PCI, Platforms, Privacy, Regulation, Security Industry, Software Development, Software Security, Visualization, Web Security, Working Life, information security
Comments: Be the first to comment
October 2, 2007
When you have a choice between Reindeer steak or Beef steak on your menu you know you are in Finland! I like Finland, it’s great. Really nice people and a lovely coastal environment. At this time of year, for someone who still lives in the South of France, it is a little cold!
I [...]
Categories: Certification, OWASP, PCI, Regulation, Security Industry, Software Security, Web Security, information security
Comments: 1 Comment
September 25, 2007
A while back I wrote a blog post called Lets call a Fig a Fig about the limitations of web application firewalls and the sheer ludicrousness of a security standard offering an alternative of choosing a code review or a web application firewall.
This morning I was reading an excellent post by Chris Eng about [...]
Categories: Certification, Compliance, Information Security Economics, PCI, Regulation, Security Industry, Software Security, Web Security, information security
Comments: 8 Comments
September 4, 2007
Some security standards make statements that are ambiguous. One example is the PCI DSS that says “only necessary ports should be open”. The default effect of this ambiguous statement is for all sites to legitimately claim that all open ports are necessary and everyone passes. “The Remote Desktop Protocol is necessary to remotely manage the [...]
Categories: Certification, Compliance, PCI, Security Industry, Web Security, information security
Comments: 8 Comments
August 13, 2007
Judging by the blog stats readers have been enjoying my Trends for Information Security and Long Tail of Information Security (Part 1 and Part 2) posts earlier this week. A few people have mailed me off-line asking for clarifications and suggesting ideas. Having thought about the questions raised and fired off answers (with various degrees of thought) [...]
Categories: Certification, Compliance, Cool Business, Dashboards, Information Security Economics, Long Tail Security, Security Industry, Security metrics, information security
Comments: 1 Comment
August 5, 2007
My last post The Long Tail of Information Security (Part 1) described why I think information security exhibits Long Tail economic characteristics, outlined the three forces of long tail markets and discussed the first, democratization of tools for production. The intent is to provide an insight into what the future of information security may look [...]
Categories: Certification, Compliance, Cool Business, PCI, Ramblings, Regulation, Security Industry, Security metrics, Speaking, Visualization, information security
Comments: 4 Comments
August 4, 2007
I have just finished reading the Long Tail by Chris Anderson (editor of Wired). It is brilliant and the best book I have read in several years. It’s in the same class as Freakonomics and The Tipping Point. I highly recommend anyone who reads my blog reads the Long Tail if they haven’t already done [...]
Categories: Blogonomics, Certification, Compliance, Cool Business, PCI, Ramblings, Regulation, Security Blogs, Security Industry, Security metrics, Speaking, Visualization, information security
Comments: 5 Comments
August 4, 2007
I found myself thinking some “big sky” thoughts about trends in information security recently. Here they are.
- The Business of Information Security
- The Internet Economy
- Governance, Risk and Compliance
- The Hunt for the Information Security Bullet is Ending
- The Whole Solution Movement
- Convergence and Integration
- The World is Flattening
The Business of Information Security
As the new breed [...]
Categories: Certification, Compliance, PCI, Regulation, Security Industry, Security metrics, information security
Comments: 11 Comments
July 26, 2007
Om Malik suggests for a $1 a month people would pay the search engines to remove their digital search footprint in his blog post here.
If not today, but soon enough, we might be willing to pay to protect the privacy, and erase the digital footprints we are leaving behind… turn privacy into an opportunity for making [...]
Categories: Certification, Compliance, Cool Business, Security Industry, Software Security
Comments: 1 Comment