the State of Security

ITSM

Are your security people lying about the impacts? Probably, but not on purpose.

by Shawna Turner-Rice

Security is a complex, often nuanced, topic. Today there’s a lot of subjectivity in 100% security oriented discussions. Business people like non-squidgy objective numbers. To make security investment decisions, security people have to sell their area to the business; which means speaking their language. As a consequence, security people are often trying to make objective [...]


Conference Report: ISACA North America CACS: “Wow, we’re not in Vegas anymore…”

by Previous Contributors

I’ve always loved the ISACA CACS conferences. Why? I guess because I love auditors. Not all auditors, mind you, but auditors that have a risk-based orientation, and who understand that the achievement of any goal (regardless of whether we’re talking about information security, operating effectiveness, or compliance goals) hinges on effective controls. And IT auditors [...]


Conference Report: Infosecurity Europe: “What Recession?”

by Previous Contributors

A couple of weeks ago, I gave three talks at the Infosecurity Europe conference in London, which was held on April 27-29. I was pleasantly surprised to see how well-attended it was. No, that’s an understatement. It was a packed conference. Based on attendance, you’d be forgiven if you thought it was 1999, during the [...]


My RSA Talk and Adam Shostack’s Awesome RSA Research Track

by Previous Contributors

I am in San Francisco this week at the RSA Conference (which is apparently #rsac on Twitter). I will be speaking this afternoon at 3pm PT. The famous Adam Shostack (@adamshostack) is one of the track chairs, and his advice to me was, “give your metrics talk, under the guise of virtualization security.” Well, I’m [...]


Ask Dr. Visible Ops: How Should I Engage Internal Audit In The Change Management Process?

by Previous Contributors

Hal Pomeranz and I did a webinar called “Ditching the Infosec Stereotype: Part 1: Fixing Broken Change Control Processes” a couple of weeks ago. As I mentioned in a previous blog entry, I’m a big fan of Hal. I loved the work he’s done at places that had truly mission-critical environments, including at eBay, Cendant [...]


When Life In IT Operations And QA Sucks (Part I)

by Previous Contributors

Have you ever had this happen to you? Project Killer Kumquat is finally going to deliver the set of features that’s going to allow us to catch up to the competition. We’ve had over 300 developers working on this project for nine months. It’s been a death march for them. This is one [...]
