Guess which one of the following, each talking about another scary “survey”, I enjoyed reading the most:

Cybercrime losses top $US1 trillion – From News.com.au
Australian IT (same as the last one)
SC Magazine
Sydney Morning Herald

…same old regurgitated vendor marketing in all… Okay, it’s the next one I liked most! More of this please:

Pick a pocket or two – MIS Financial Review



One key failing that limits an organisation’s ability to develop an enterprise-wide (holistic) view of its overall security position is assessing security solely on an application-by-application basis. The links, dependencies and information flows (relationships) between applications in a “system” (applications working together and linked to each other) are rarely assessed (from our experience). A “system-level” perspective on security is vital in giving an organisation a more thorough assessment of the potential risks (direct and indirect) in a specific application and in the corporate environment as a whole. Read on….




I talked in a previous post about PCI DSS vs. regulatory requirements in some countries (and in some industries). I thought I would expand a bit more on the topic of “regulation”.

In many posts here, I’ve talked about the benefits of regulation (done right) being a big driver for better IT security practices. I was interviewed by Computerworld on this topic about 6 years ago, and a representative from the Attorney-General’s Department disagreed with me, suggesting that the “new standards” they were going to develop (showing businesses how to do things better) were sufficient and that no regulation was required. Gees, even then we had plenty of “good practice” standards – we didn’t need more of them! (Side note: none ever came out from the AGD anyway, that I am aware of.) We need(ed) someone to say: you MUST be doing this. You have an obligation to your business, your employees, your shareholders, your business partners, the business community and society in general!

I still believe that, and I disagree with arguments that the “market” should drive this. WTF does “the market” actually mean? When has “the market” done anything of substance to improve IT security practices in the last 15 years? We’re not going forwards, so how is “the market” now going to dictate and improve this? Magic? Open to your comments as usual. Read on. I’ve added a section from a talk I had with David Rice about regulation. I liked his thoughts on this:




In a rare event, as most Sydney-siders would acknowledge, I met a top cabbie last night. Thick Italian accent (been here 50 years :) )…we had a great chat on my drive home. All his kids had finished Uni and were in top jobs, and life is good. The topic turned to vices (as they do) and things that are not good for the health – women at the top of his list (in a nice way)…He drank a little (sometimes), which he acknowledged was not healthy, but smoking: “no good mate, don’t smoke…..my father drank and smoked and the smoking killed him”.

“Gees mate, sorry to hear that. How old was your father when he died?”

Cabbie: “95!…….. I reckon he would have lived to 130!”

ROFL….who knows, he probably could have! Lessons there.

Thanks St. George cabs cabbie. The world needs more people like you. :)

Posted in: Too cool


Not much more to add at this stage but the Giant has been taken down. :)

Remember this:
http://beastorbuddha.com/2008/06/04/cyber-terrorism-i-love-this-quote-from-geekonomics/

Now you know I am just kidding right?!


