The State of Security

Change Management

Trust Is Not A Control (And Neither Is Luck): Critiquing The Fannie Mae Critiques

by ~Previous Contributors

One of the best things I’ve read lately was the “Change Controls: Ur Doin It Rong” article by Hal Pomeranz. Hal Pomeranz wrote this after he read the FBI affidavit describing how Rajendrasinh Makwana, a former consultant at Fannie Mae, allegedly planted malicious code on Fannie Mae’s servers after he had been terminated. What made this [...]


Why The Security Monoculture Argument Drives Me Crazy

by ~Previous Contributors

There are many efforts to create meaningful security metrics, which is a worthy goal. After benchmarking over 1000 IT operations and security organizations in the past four years, I’ve formed some very strong conclusions and opinions, some of which go against security common wisdom. I’ve come to believe that in order to safeguard the production [...]


Process without Metrics is a Waste of Time

by Michael Lohr

So my title is a bit strong, but blindly following a process without questioning its value back to the organization IS a waste of time. If you cannot measure the process for success, how do you know it is a good process? I often talk with my customers about the fact that technology is not [...]


The Hidden Risks of Virtualization

by Michael Lohr

Like so many bloggers, I am here to talk about lurking issues with virtualization. However, I’m not here to talk about the technical details of items like promiscuous mode on a vSwitch or setting proper permissions in Virtual Center (both of which, by the way, are important). I’m here to talk about a more fundamental [...]
