Here are the blog posts in Connecting the Dots
Monday, 13 February 2012
Mark Russinovich’s recent book Zero Day: A Novel tells an action-packed tale of international hackers; the action passes through a NYC law firm and brings the entire firm down. Great story, but it seemed a little far-fetched when I read it. In the book, the entire ...Read More...
Posted on 02/13/2012 3:51 PM by Frederick Scholl
Tuesday, 31 January 2012
I have always been a big believer in background checks for new employees. While many companies do this prior to hiring someone, some still do not and pretty much everyone relies on outsource firms to do the background check. Yesterday, January 30, 2012, the NY Times reported the case of ...Read More...
Posted on 01/31/2012 11:43 AM by Frederick Scholl
Friday, 27 January 2012
A recent blog post by Jeff Bardin ("The Proliferation of Cyber Janitors") really resonated with me. He points out how much of the security industry is focused on incident response and breach notification. This started with CA 1386 in 2003 and more recently has become a requirement for breaches of ...Read More...
Posted on 01/27/2012 5:00 PM by Frederick Scholl
Tuesday, 3 January 2012
Most assessments of cloud security risks highlight data integrity and confidentiality issues. But the business bottom line is service availability. With many of today's cloud services being offered without warranty, users need to be cautioned before relying on that service. It is too easy to ignore ...Read More...
Posted on 01/03/2012 12:10 PM by Frederick Scholl
Wednesday, 7 December 2011
An essay in a recent Wall Street Journal (December 3, 2011) caught my attention on the subject of compliance v. security. The article, “Starting Over With Regulation” by Philip K. Howard (also available at www.commongood.org), makes the case that government regulation in general is ...Read More...
Posted on 12/07/2011 1:02 PM by Frederick Scholl
Thursday, 20 October 2011
Do you think your information is secure within the federal government? You can make your own decision by reading the recent Information Security assessment by the Government Accountability Office (GAO). Some observations by GAO are expected, others are disturbing. Here are some statements ...Read More...
Posted on 10/20/2011 12:39 PM by Frederick Scholl
Monday, 17 October 2011
Earlier this year I published an ISSA Journal article (ISSA Journal, May 2011) advocating the use of lean management techniques to manage security. This is just an observation that security needs to use business management methods to tie together people, process, technology and partners.
Recently ...Read More...
Posted on 10/17/2011 6:44 PM by Frederick Scholl
Wednesday, 5 October 2011
Security managers spend significant amounts of time analyzing software vulnerabilities and patching them. I just looked at the Common Vulnerabilities and Exposures (CVE) database and see that it now has 47,555 vulnerabilities. But how many security managers have analyzed or cataloged the ...Read More...
Posted on 10/05/2011 1:54 PM by Frederick Scholl
Friday, 30 September 2011
The recent breach of 20,000 medical records at Stanford Hospital has me concerned. The institution is part of Stanford University Medical Center and is a top-rated health care provider. Are we making progress on HIPAA security? Are things getting better? If this institution cannot effectively protect ...Read More...
Posted on 09/30/2011 11:01 AM by Frederick Scholl
Monday, 5 September 2011
For more recent security blog posts that I have written, please check out:
Kraft Kennedy Security Blog
Posted on 09/05/2011 11:15 AM by Frederick Scholl
Tuesday, 5 July 2011
One of the key challenges in building a security program is getting active participation from across the organization, from line workers to top management. All of these people have “day jobs” and security is too easily put out of mind.
“Why Every Project Needs a Brand ...Read More...
Posted on 07/05/2011 8:28 AM by Frederick Scholl
Thursday, 16 June 2011
I have to admit that I have never really understood the PDCA concept as it applies to information security. I do know that PDCA stands for Plan-Do-Check-Act, but I have never understood the difference between Do and Act, other than there is a Check step in between. Also, I can never remember ...Read More...
Posted on 06/16/2011 10:37 AM by Frederick Scholl
Tuesday, 14 June 2011
I tend to read any legal cases about information security, because they are one source where accurate root cause information on breaches can be found. Two very interesting decisions on security at banks were recently published. One is the May 27 US District Court decision on Patco v. People’s ...Read More...
Posted on 06/14/2011 1:48 PM by Frederick Scholl
Wednesday, 16 March 2011
A recent article by Michael Porter and Mark Kramer, Creating Shared Value (Harvard Business Review, January-February 2011) makes the point that a focus on "shared value" can help give birth to a new capitalism and move business beyond its short term profit focus. Shared Value, ...Read More...
Posted on 03/16/2011 1:42 PM by Frederick Scholl
Wednesday, 23 February 2011
Last week, while at the RSA show, I made a point of seeking out the HBGary booth; I had previously been aware of their good technical reputation through webinars. Booth #556 was there, but not HBGary. Searching online I then learned that they had pulled out after being hacked by Anonymous. ...Read More...
Posted on 02/23/2011 10:38 AM by Frederick Scholl
Thursday, 10 February 2011
A very good tutorial on DDoS attacks, much in the news in the past few months, was posted by the Berkman Center at Harvard University in December. The research is entitled "Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites", December 2010. ...Read More...
Posted on 02/10/2011 12:39 PM by Frederick Scholl
Thursday, 3 February 2011
We live in a time when information technology is turning everything inside out. This presents challenges and opportunities for information security professionals. I had the pleasure this week of listening to a presentation by Michael Rogers at LegalTech in NYC. The subject of his talk ...Read More...
Posted on 02/03/2011 10:48 AM by Frederick Scholl
Friday, 28 January 2011
I recently had a scary experience with Amazon. I regularly order items on this site, and have not had significant problems. However, yesterday was different. I was ordering an emergency flashlight and a four-way travel power strip and was about to complete my order, when I noticed that the ...Read More...
Posted on 01/28/2011 9:40 AM by Frederick Scholl
Wednesday, 12 January 2011
I believe that information security professionals can learn from disasters reported in other areas. After all, the basic security mission of prevent, detect and respond is the same whether the assets being protected are bytes of data or barrels of oil.
Yesterday the National Oil Spill Commission ...Read More...
Posted on 01/12/2011 11:03 AM by Frederick Scholl
Friday, 7 January 2011
The New York Times ran an interesting story on January 5 about a House Republican inviting input from business on which regulations were impeding economic recovery. I am sure the House will get at least a few comments on this topic. Since I had just finished reading Professor Tim Wu's ...Read More...
Posted on 01/07/2011 10:48 AM by Frederick Scholl