Archive for the 'Regulation' Category

Why Risk Management is Like Eating Lettuce

January 30, 2008

On Sundays it’s a British tradition to wake up with a hangover, get a copy of the Sunday Times and watch the morning politics shows on the beeb. This Sunday past was traditional for me. Data breaches and privacy are hot political topics in the UK after the national fiasco overseen by Alistair Darling. I [...]

The New Rogue Trader

January 25, 2008

In a former life I designed and installed some two factor Authn and crypto systems for ING Barings (home of the first rogue trader Nick Leeson) in the 90’s. Let me tell you that no single FX or Options trader can run up 7 billion of debts without serious collusion. Watch this space! This story [...]

Dear Idiot, Your New UK Security Tools Law Sucks!

January 18, 2008

Dear Idiot (Tom Harris - Labour MP for Glasgow),
The world has gone mad and I am boarding the next commercial flight on Virgin Galactic in search of a world where numnuts and numties no longer rule.
It was my birthday last Thursday and very pleasant it was too. I got back from a week in [...]

A Sneak Peek at Some Cool Software Security Tools

October 25, 2007

My last blog leads me neatly onto the good stuff. Joining a new company is like a poker game. They need to tell you enough to get you interested but not so much that if you decide not to join you could screw up their plans. I knew ACE had bits of cool stuff [...]

Notes from a Big Island

October 24, 2007

I am currently on my way back (this post was started on a plane) from a superb two weeks in Redmond meeting with my team and other folks in various parts of Microsoft. There is just so much cool stuff going on and in the plans that it’s hard to know where to start. I’ll [...]

Notes from Helsinki

October 2, 2007

When you have a choice between Reindeer steak or Beef steak on your menu you know you are in Finland! I like Finland, it’s great. Really nice people and a lovely coastal environment. At this time of year, for someone who still lives in the South of France, it is a little cold!
I [...]

The Ticking Time Bomb - PCI Application Security

September 25, 2007

A while back I wrote a blog post called Let’s call a Fig a Fig about the limitations of web application firewalls and the sheer ludicrousness of a security standard offering an alternative of choosing a code review or a web application firewall.
This morning I was reading an excellent post by Chris Eng about [...]

Analogy of Risk Management

August 30, 2007

“Risk Management is like the navigator in a rally car; Business is the driver.”

Hoff’s comment made me chuckle. “..these navigators never stop and ask for directions”.

The Long Tail of Information Security (Part 2)

August 5, 2007

My last post The Long Tail of Information Security (Part 1) described why I think information security exhibits Long Tail economic characteristics, outlined the three forces of long tail markets and discussed the first, democratization of tools for production. The intent is to provide an insight into what the future of information security may look [...]

The Long Tail of Information Security (Part 1)

August 4, 2007

I have just finished reading the Long Tail by Chris Anderson (editor of Wired). It is brilliant and the best book I have read in several years. It’s in the same class as Freakonomics and The Tipping Point. I highly recommend anyone who reads my blog reads the Long Tail if they haven’t already done [...]