I have just finished reading The Long Tail by Chris Anderson (editor of Wired). It is brilliant and the best book I have read in several years. It’s in the same class as Freakonomics and The Tipping Point. I highly recommend anyone who reads my blog reads The Long Tail if they haven’t already done [...]
Archive for the 'Regulation' Category
The Long Tail of Information Security (Part 1)
August 4, 2007
Trends in Information Security
August 4, 2007
I found myself thinking some “big sky” thoughts about trends in information security recently. Here they are.
- The Business of Information Security
- The Internet Economy
- Governance, Risk and Compliance
- The Hunt for the Information Security Bullet is Ending
- The Whole Solution Movement
- Convergence and Integration
- The World is Flattening
The Business of Information Security
As the new breed [...]
Whole Security Solutions
July 27, 2007
“Friends and family” yawn when I harp on about the need for whole solutions. Take Data Leakage Protection as an example. Some technology companies would have you believe that network devices or digital rights management alone is the solution. The truth of course is that information security is a complex topic that requires skillful people to think [...]
Assurance Levels for Web Security
June 11, 2007
I am writing the first draft of the OWASP Web Security Evaluation Criteria this month and spent much of last Friday thinking about two things. The stakeholders in the web security evaluation game (last post) and assurance levels (this post). I have continued to chew over the concepts this weekend and I think it’s a very [...]
Is Information Security Less Important to Business Than a Rumor?
May 17, 2007
From TechCrunch
At 11:49 AM EST Engadget posted saying that the iPhone and Leopard operating system launches would be seriously delayed. They based the story on an internal Apple email that was forwarded to them. The original post:
This one doesn’t bode well for Mac fans and the iPhone-hopeful: we have it on authority that as [...]
SourceClear Diary of a Startup - Week 6
May 15, 2007
This week focuses on the frustration of small agile development projects and thinking about the competitive landscape.
Last week I posted a very simple Diary of a Startup blog that summed up exactly the week we had.
You can have software that is Fast, Cheap and Good but you can’t have all three at once.
To [...]
OWASP Web Certification - A Better PCI?
May 14, 2007
This week at the European OWASP Conference in Milan they will be announcing that I have been selected to produce the OWASP Web Certification Framework. A public email went out to the OWASP mailing list this weekend.
There is no shortage of critics of PCI. I am one. I believe that it’s broken in so many [...]

