Good enough. It’s not a concept most people associate with information security people or the approach to information security but it is something we in information security desire. We don’t want to overburden ourselves with unnecessary work or even management of controls. To delve down into one area of security, namely AUTHENTICATION, passwords are… Continue reading The Death of Passwords
Thoughts on Information Security and Risk Management in an Agile Culture. Narrated slidedeck from a presentation given at the Chattanooga chapter of ISSA. In keeping with the Ides of March timing of the presentation, I chose to model my analogy to include references to Julius Caesar and Mark Antony.
After reading through the CyberSecurity Strategy and Implementation Plan (CSIP) I was impressed with its scope and relatively clear terminology, acronyms notwithstanding, and how it outlined federal strategy. I expect the timelines to be challenging, though. Working in a multi-national, Fortune 500 company, I know that if you don’t already have some information collected and… Continue reading CSIP Looks Good
5:30 and I’ve been up a couple of hours reading scientific, DoD, DARPA & infosec papers in “active authentication.” #cantsleep God bless people who think identity is easy. Assertion, validation, authentication, re-evaluation … we humans do this so organically & yet we’re unbelievably horrible at judging character. Now we expect machines to learn effectively how… Continue reading 5:30 Sunday Morning
Risk management encompasses risks to privacy, network, process, brand, etc. I’m interested in a juncture of two threat vectors in this post. Legacy, in this context, refers to things that have been in place for a long time. Often they are so heavily depended upon that they cannot easily be replaced without significant cost and concurrent risk.… Continue reading Legacy Risk Corollary