Archive for the 'Compliance' Category

Marc Andreessen on Platforms

September 24, 2007

Marc’s post here is well worth a read.
Level 1 is what I call an “Access API”.
Level 2 is what I call a “Plug-In API”.
Level 3 is what I call a “Runtime Environment”.
The Oxygen Security Platform is actually likely to be a combination of all three!

Ambiguous Security Standards

September 4, 2007

Some security standards make statements that are ambiguous. One example is the PCI DSS that says “only necessary ports should be open”. The default effect of this ambiguous statement is for all sites to legitimately claim that all open ports are necessary and everyone passes. “The Remote Desktop Protocol is necessary to remotely manage the [...]

Analogy of Risk Management

August 30, 2007

“Risk Management is like the navigator in a rally car; Business is the driver.”

Hoff’s comment made me chuckle. “…these navigators never stop and ask for directions”.

Straight Words from Gartner about PCI

August 23, 2007

… there are some important areas where we part company with the council. One of the most important is that the council sanctions the use of an assessor that is also trying to sell you security services. This is completely at odds with established best practices in audit and compliance.
Well, the card companies may not have learned [...]

More Long Tail Security Thoughts

August 13, 2007

Judging by the blog stats, readers have been enjoying my Trends for Information Security and Long Tail of Information Security (Part 1 and Part 2) posts earlier this week. A few people have mailed me off-line asking for clarifications and suggesting ideas. Having thought about the questions raised and fired off answers (with various degrees of thought) [...]

The Long Tail of Information Security (Part 2)

August 5, 2007

My last post The Long Tail of Information Security (Part 1) described why I think information security exhibits Long Tail economic characteristics, outlined the three forces of long tail markets and discussed the first, democratization of tools for production. The intent is to provide an insight into what the future of information security may look [...]

The Long Tail of Information Security (Part 1)

August 4, 2007

I have just finished reading the Long Tail by Chris Anderson (editor of Wired). It is brilliant and the best book I have read in several years. It’s in the same class as Freakonomics and The Tipping Point. I highly recommend anyone who reads my blog reads the Long Tail if they haven’t already done [...]

Trends in Information Security

August 4, 2007

I found myself thinking some “big sky” thoughts about trends in information security recently. Here they are.
- The Business of Information Security
- The Internet Economy
- Governance, Risk and Compliance
- The Hunt for the Information Security Bullet is Ending
- The Whole Solution Movement
- Convergence and Integration
- The World is Flattening
The Business of Information Security
As the new breed [...]

Whole Security Solutions

July 27, 2007

“Friends and family” yawn when I harp on about the need for whole solutions. Take Data Leakage Protection as an example. Some technology companies would have you believe that network devices or digital rights management alone is the solution. The truth of course is that information security is a complex topic that requires skillful people to think [...]

Can Privacy be a Premium Service?

July 26, 2007

Om Malik suggests that for $1 a month people would pay the search engines to remove their digital search footprint, in his blog post here.
If not today, but soon enough, we might be willing to pay to protect the privacy, and erase the digital footprints we are leaving behind… turn privacy into an opportunity for making [...]