Archive for the 'Compliance' Category

Are Business Risk and Technical Security Part of a Natural Fourier Series?

October 8, 2008

Decade after decade politics moves from regulated economies to de-regulated economies. Changes are usually triggered by “unpredictable events” (in political speak). We are almost certainly about to go into a period of heavy government regulation of the financial services industry where “unpredictable events” or “failure” in plain English is blamed on inadequate regulation. [...]

Security Best Practices

September 3, 2008

Best practice: An idea that has no evidence to support its merits, and that probably doesn’t work, but that you can attribute to someone else when things go horribly, horribly wrong.
Sample Usage: Don’t worry about the noise from that flaky Geiger counter; this plant complies with all best practices.

GRC – Why It’s of LIMITED Interest to Me

June 10, 2008

I wanted to post a “rah rah” message to Rich Mogull when he posted that GRC platforms Are Dead. He was so spot on in my humble opinion that he made me smile for a week or so. I may be a bolshy arrogant git confident but reassurance from smart people is always comforting. Today [...]

Tenets of Effective BPM

February 28, 2008

It’s no real secret what I am doing at Microsoft although I haven’t really blogged about it much. I do plan to start in the coming weeks with some long posts about platforms, information security BPM, applying business management techniques to the information security discipline, dashboards and business intelligence etc.
Before I do that and hot [...]

The New Rogue Trader

January 25, 2008

In a former life I designed and installed some two-factor authn and crypto systems for ING Barings (home of the first rogue trader Nick Leeson) in the 90’s. Let me tell you that no single FX or Options trader can run up 7 billion in debts without serious collusion. Watch this space! This story [...]

Dear Idiot, Your New UK Security Tools Law Sucks!

January 18, 2008

Dear Idiot (Tom Harris – Labour MP for Glasgow),
The world has gone mad and I am boarding the next commercial flight on Virgin Galactic in search of a world where numnuts and numties no longer rule.
It was my birthday last Thursday and very pleasant it was too. I got back from a week in [...]

You Can’t Spell Compliance without Liance

November 9, 2007

Yesterday morning I was in chilly Chicago. On the train into downtown I asked the guy sitting next to me if the next stop was mine (showing him the address on my phone). He kindly spent 5+ mins guiding me off the train and through the maze onto Madison St. and to my meeting location. [...]

A Sneak Peek at Some Cool Software Security Tools

October 25, 2007

My last blog leads me neatly onto the good stuff. Joining a new company is like a poker game. They need to tell you enough to get you interested but not so much that if you decide not to join you could screw up their plans. I knew ACE had bits of cool stuff [...]

Notes from a Big Island

October 24, 2007

I am currently on my way back (this post was started on a plane) from a superb two weeks in Redmond meeting with my team and other folks in various parts of Microsoft. There is just so much cool stuff going on and in the plans that it’s hard to know where to start. I’ll [...]

The Ticking Time Bomb – PCI Application Security

September 25, 2007

A while back I wrote a blog post called Lets call a Fig a Fig about the limitations of web application firewalls and the sheer ludicrousness of a security standard offering an alternative of choosing a code review or a web application firewall.
This morning I was reading an excellent post by Chris Eng about [...]