December 14, 2007:
Forrester Analyst Launches Risk Consultancy
Comments: 0 | Categories: Compliance
One of my longtime Forrester colleagues, Michael Rasmussen, has formed a new consulting firm. Michael made a name for himself over the last several years as one of the leading voices in governance, risk and compliance best practices and...
October 8, 2007:
Weak Link in Chase Bank and ABN Amro security
Comments: 4 | Categories: Compliance, Identity Theft, Peak Performance
When my team and I find mismanaged confidential information in a security audit we launch an awareness campaign around trash, recycling, and shredders. Not surprisingly, recycling bins, like dumpsters, are repositories for plenty of corporate secrets. But bank dumpsters are...
September 18, 2007:
The irrational fear of being forthright - how Cisco teaches a lesson in customer service to Honeywell and Tyco
Comments: 0 | Categories: Compliance, Manufacturers, Peak Performance
Honeywell announced a recall of fire alarm panels this week. Chips in the Apex Destiny 6100 and 6100AN Security System Control Panels, made by Xicor, might lose programming during a power outage of more than four hours, the U.S. Consumer...
August 23, 2007:
Don't think of Verdasys as just another data leakage protection vendor
Comments: 0 | Categories: Audit, Compliance, InfoSec, Software
I've been briefed by Verdasys a few times over the years, but frankly the fog never quite cleared for me. While I was Research Director at Forrester I would talk to these guys, usually in the context of data leakage...
August 9, 2007:
If you can't trust your locksmith - or your network admin - who CAN you trust?
Comments: 6 | Categories: Audit, Compliance, InfoSec, Trends
Why is the possession of lock picks by non-locksmiths illegal in some states? That was the unlikely question posed to me by IT security expert and CEO of ProofSpace, Paul Doyle, when he called me this morning. The obvious answer...
August 6, 2007:
PCI Security Standard Ain't Just For IT Geeks
Comments: 1 | Categories: Authentication, Compliance, Identity & Access Management, Identity Theft, Trends
Last year we were all concerned about Sarbanes-Oxley. This year it’s PCI. PCI is shorthand for the Payment Card Industry security standards that apply to any company engaged in processing credit card information. The VISA Cardholder Information Security Program...
July 26, 2007:
Featured Post - Security Is Not the Point
Comments: 0 | Categories: Audit, Authentication, Compliance, Identity & Access Management, Peak Performance, Security Management / Operations
[This popular post first appeared on SecurityDreamer in November 2006] Articulating the Value of Security...It’s an uphill battle to convince the decision-makers in any business that they need to invest in security. Why? Because deep down, all professional businesspeople think...
July 16, 2007:
Security on endpoints - like laptops and blackberrys - delivers more value than intrusion prevention systems
Comments: 8 | Categories: Audit, Compliance, InfoSec, Software
For the best part of ten years, my colleagues and I in the industry analyst biz have been declaring the obsolescence of the monolithic security perimeter. Securing the perimeter is not enough – everyone knows that now – but it...
May 16, 2007:
If Odysseus Had Grey-Eyed Athena as an auditor…
Comments: 0 | Categories: Compliance, Global Security, Identity & Access Management, InfoSec, Integrators/Service Providers, Manufacturers
On one hand, the security profession in Greece shares much in common with its counterparts in Northern Europe and North America. Security directors seek cost effective solutions for perimeter protection, data leakage and identity and access management....
May 5, 2007:
CEOs Don't See Value In Security
Comments: 1 | Categories: Audit, Compliance, Integrators/Service Providers, Peak Performance
Look closely at the CEO Report Card listed by Zalud and Maddry in their article in this month's Security Magazine and you'll notice that Value gets a "D." All of the grades on the report card are the aspects of...