Archive for the 'PCI' Category

A Sneak Peek at Some Cool Software Security Tools

October 25, 2007

My last blog post leads me neatly on to the good stuff. Joining a new company is like a poker game. They need to tell you enough to get you interested, but not so much that, if you decide not to join, you could screw up their plans. I knew ACE had bits of cool stuff [...]

Notes from a Big Island

October 24, 2007

I am currently on my way back (this post was started on a plane) from a superb two weeks in Redmond meeting with my team and other folks in various parts of Microsoft. There is just so much cool stuff going on and in the plans that it’s hard to know where to start. I’ll [...]

Notes from Helsinki

October 2, 2007

When you have a choice between reindeer steak or beef steak on your menu, you know you are in Finland! I like Finland, it's great. Really nice people and a lovely coastal environment. At this time of year, for someone who still lives in the South of France, it is a little cold!
I [...]

The Ticking Time Bomb – PCI Application Security

September 25, 2007

A while back I wrote a blog post called Lets call a Fig a Fig about the limitations of web application firewalls and the sheer ludicrousness of a security standard offering an alternative of choosing a code review or a web application firewall.
This morning I was reading an excellent post by Chris Eng about [...]

Ambiguous Security Standards

September 4, 2007

Some security standards make statements that are ambiguous. One example is the PCI DSS that says “only necessary ports should be open”. The default effect of this ambiguous statement is for all sites to legitimately claim that all open ports are necessary and everyone passes. “The Remote Desktop Protocol is necessary to remotely manage the [...]

Straight Words from Gartner about PCI

August 23, 2007

"... there are some important areas where we part company with the council. One of the most important is that the council sanctions the use of an assessor that is also trying to sell you security services. This is completely at odds with established best practices in audit and compliance."
Well, the card companies may not have learned [...]

The Long Tail of Information Security (Part 2)

August 5, 2007

My last post The Long Tail of Information Security (Part 1) described why I think information security exhibits Long Tail economic characteristics, outlined the three forces of long tail markets and discussed the first, democratization of tools for production. The intent is to provide an insight into what the future of information security may look [...]

The Long Tail of Information Security (Part 1)

August 4, 2007

I have just finished reading The Long Tail by Chris Anderson (editor of Wired). It is brilliant and the best book I have read in several years. It's in the same class as Freakonomics and The Tipping Point. I highly recommend that anyone who reads my blog reads The Long Tail if they haven't already done [...]

Trends in Information Security

August 4, 2007

I found myself thinking some “big sky” thoughts about trends in information security recently. Here they are.
- The Business of Information Security
- The Internet Economy
- Governance, Risk and Compliance
- The Hunt for the Information Security Bullet is Ending
- The Whole Solution Movement
- Convergence and Integration
- The World is Flattening
The Business of Information Security
As the new breed [...]

Whole Security Solutions

July 27, 2007

“Friends and family” yawn when I harp on about the need for whole solutions. Take Data Leakage Protection as an example. Some technology companies would have you believe that network devices or digital rights management alone is the solution. The truth of course is that information security is a complex topic that requires skillful people to think [...]