Focus on Quality Improves Computer Security

There is a great white paper at sans.org      Elizabeth Stanton wrote it to highlight “Security through Quality Assurance Practices”   I found it by doing a google search “quality computer security”. In my quest for trying to explain to non-security people why they need to pay more attention to computer security without blasting headlines … Read more

Analyzing Data Breaches: Can we Tolerate Status Quo?

An interesting paper on the analysis of the frequency of data breaches.  It is an attempt by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest.  These researchers obtained the data from https://www.privacyrights.org breach info. The PRC(Privacy Rights Clearinghouse) has compiled a Chronology of Data Breaches” dataset that, as of February 23, 2015, contains information on 4,486 publicized data breaches that have occurred … Read more

If a Firewall is Useless What to Do?

As I was scanning the Internet for interesting relevant articles this is the one I thought was unique in discussing a fundamental issue of our time(in 2015) http://www.infoworld.com/article/2616931/firewall-software/why-you-don-t-need-a-firewall.html Plus Roger Grimes discusses buffer overflows. { For nearly three decades, remote buffer overflows were the most dreaded tool in the hacker’s arsenal. Simply find an open … Read more

Stop Attacking Me – Don’t exploit My Code Bro

The Oracle CSO (Chief “Security” Officer) statements show a misunderstanding of IT security principles. IT-Security BlogNotions post is appropriate: That is why I came up with “Don’t Expose My Code Bro” I am afraid that a lot of Executives do not understand security principles within the IT industry. Let me help you understand a bit … Read more

Courts Uphold FTC Regulation-Punishment to Negligent Company

Threatpost has the story:  https://threatpost.com/court-rules-ftc-has-authority-to-punish-wyndham-over-breaches/114390 From the court brief http://www2.ca3.uscourts.gov/opinarch/143514p.pdf are some interesting snippets:   Let’s list the cybersecurity problems that Wyndham had: Stored CC data (which is a violation of PCI standard) Passwords were simple (Example: “micros” in a Micros computer default pw) Did not use firewalls between their corporate network, property management system, … Read more