As my readers know, I’m not the biggest fan of consumer DRM. I hate being treated like a criminal when I’m not, and I don’t believe anyone has the right to control more of my systems than I do. Something about my security being compromised to provide better security for some corporate entity whose products I may or may not purchase just bugs me.
I was reading a post over at Layer8 and it got me thinking about trust. Shrdlu attended a talk by Larry Ponemon where he took away this little tidbit:
Meerkat Manor, via the Guerilla CISO. Here’s an excerpt:
09 October 2007: Dear diary, I drew sentry duty for the third day this week. I know it’s my solemn duty to protect the clan, but my risk assessment has determined that, although a predator is a high-impact event, it is a low rate-of-occurrence activity and so I think a better use of my time is in foraging for stray eggs. Besides, if the predators come and eat us all, it’s not like I’ll have to face the Meerkat Manor Board of Directors. 10…
Once again Martin and I recorded late enough in the day that I could enjoy a fine beer during the taping (Moose Drool this week). I also need to shout out to Paul and Larry and Pauldotcom Security Weekly; based on their advice I picked up a WRTSL54GS for some wireless access point hacking. Too bad I bricked it… by opening the box. Needless to say that one is on its way back to the online store, and a new one is headed to me. I’ve been working on this pet project of mine for a year and really…
In over thirteen years with mountain rescue and five years as a ski patroller I participated in countless search and avalanche drills, and a fair number of real incidents. Search in the real world, as in the computing world, is difficult due to the need to balance performance with thoroughness. In a rescue situation you need to find the victim as quickly as possible; a thorough search has a higher Probability of Detection (POD), but takes longer. Assuming you’re looking for a live victim this…
Despite my departure from the analyst world, thanks to the blog some of the vendors out there are still keeping me updated on their products. I also still have to track big swaths of the market to support my consulting work. While I don’t intend this blog to just spew PR dribble, I do see some cool stuff every now and then that’s worth mentioning.
Data classification is one of the most essential tools of data security. It enables us to leverage business priorities into technical and physical controls over the management and protection of data. Applying data security controls without data classification is like trying to protect a pile of cash in an open field filled with piles of leaves by air dropping concrete barricades from 10,000 feet. At night.
History is a funny thing. It’s amazing that what many children see in early schooling as a boring collection of facts is neither boring nor factual. On a good day we might get some dates correct, but there isn’t a “fact” in history that isn’t open to interpretation. This is as it should be; think about all the factors that went into a major life decision- say a marriage or picking your college. Now distill everything involved in that decision into a paragraph, stick it in a drawer for a couple…
Jeremiah posted these questions on dealing with website vulnerabilities. Here are my quick answers (I have to run- sorry for the lack of links, but you can Google the examples):
Welcome to Part 5 of our series on DLP/CMF/CMP; look here for: Part 1, Part 2, Part 3, and Part 4.
I like to describe the evolution of the DLP/CMF market as a series of questions a CEO/CIO asks the CISO/SGIC (Security Guy In Charge). It runs something like this: