Spiderlabs, Verizon, and You
Trustwave’s Spiderlabs issued their annual report of their work efforts in the last year; 220 data breach investigations and more than 2,300 penetration tests. They were kind enough to share […]
Tag Archives: compliance
The Art of Keeping Things Done
The current field of information security is largely one of arcana, vagueness, arbitrary views, philosophy, mountaintop sages, a general lack of reliable data, and legions of vendors selling “best practices.” […]
The Politics of Respect
There is a lot of perennial talk of social engineering and direct project/resource management. Attempts to solve complicated political situations with manipulation or a slick widget tend not to work […]
Federal Data Breach Bill (H.R. 2221) Passes House
H.R. 2221 defines personal information as, “an individual’s first name or initial and last name, or address, or phone number, in combination with any 1 or more of the following […]
Toorcamp: Hacking HR
Toorcamp was many things this year. It was fun. It was uncomfortable. Dustdevils ate things occasionally. It was turbulent due to the trouble with Levitate to get hackers to help […]
The Compliance Game: The Enemy of Good
I gave a little talk this weekend at the second Seattle Toorcon. Lots of execs have the idea that technology is a cost center and not the bedrock that enables […]
ITCi 2007
This is a presentation that I gave earlier this week at the ITCi Conference in San Diego, California. It was requested that I speak about security and compliance metrics, and […]
Security Information Management [SIM]
This is no simple task as there is a lot of sales material that will promise anything, but from the presentation of the architecture and real-world benchmarking, a clear image may present itself.Two of the large commercial research firms authored materials were also gathered to assist in this mater, though one of them was shockingly inaccurate, unfamiliar with the history and utility of the tools in practice, and offered some very poor advice in its conclusions. Unfortunately this is all too common in my experience with commercial research, so the wise buyer of capital investment level hardware and software would be best served to spend the time evaluating each architecture, dependancies, and challenges if they are able.That being said, I will begin my presentation: A SIM implementation has the ability to solve a variety of problems at once due to its evolution from a log management platform.
Bad Penny 