The Catalyst: I was enjoying Episode 82 of the Defensive Security podcast with Mr Jerry Bell (@MaliciousLink) and Mr Andrew Kalat (@Lerg). About 18 minutes into the podcast they comment on how few people care about data breaches and wonder what will have to happen before non-infosec people react to data breaches (particularly credit/debit card… Continue reading Data Breach Breaking Point Prediction
Early in August I commented on the implications of a US district court’s judgement that Microsoft had to turn over e-mail from alleged UK nationals whose e-mail is stored in a data center in Ireland. At the time of the judgement the judge stayed the ruling pending Microsoft’s appeal. This appears to have been a procedural mistake.… Continue reading Current Event: International Man of Privacy
SecureID News reports that Disney's MagicBand IDs are a great success, having been used by some 80,000 attendees in 2014. The enhancement cost $1 billion and should open new revenue streams or enhance existing ones by EoY, 2014. I would expect an interesting increase in traffic over Disney’s backbone to keep up with near real-time response needed… Continue reading Disney Identity Starts With 80,000 Customers
Risk management encompasses risks to privacy, network, process, brand, etc. I’m interested in a juncture of two threat vectors in this post. Legacy, in this context, refers to things that have been in place for a long time. Often they are heavily depended upon so that they cannot easily be replaced without significant cost and concurrent risk.… Continue reading Legacy Risk Corollary
Controls are logical mechanisms applied in an effort to reduce risk. This may feel vague because the term is primarily an abstract, logical entity that has specific implementations, and humans like more concrete, implementable things. Architecturally these entities sit at the logical layer but have concrete instances that are implemented by contextualizing the qualities of… Continue reading What Are Controls (Safeguards)?