The UltraTech Zone

Integrating Life, Technology and Business with Andrew S. Baker...

Browse by Tags

All Tags » Business » Security
Showing page 1 of 2 (27 total posts)
  • Reading Between the Lines of Breach Notifications

    Back in September 2012, I wrote two articles for Point2Security on how to effectively handle breach notifications: "The Who of Post-Breach Communication" and "Post-Breach Communication: The Importance of How & When". Sadly, too many organizations are doing something entirely different when it comes to post-breach notifications. I like to take ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on January 18, 2013
  • Why We Have No Online Privacy

    Earlier today, as I read a very self-serving article lamenting how online growth will be killed due to impending “Do Not Track” legislation, it became very clear to me why online privacy in the US is almost entirely non-existent. As a society in the 21st century, we have willingly accepted the idea that in order to be able to obtain anything useful ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on September 21, 2012
  • To Disclose or not to Disclose

    …that is the question. Every time a software vendor experiences a vulnerability or releases patches for a serious security issue, the debate about Full Disclosure or Responsible Disclosure gains a little more steam. Just how much information should a vendor disclose about the nature of the vulnerability that it has identified, and how that ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on June 9, 2011
  • Just ask Sony…

    Why should you take your organization’s information security posture seriously? Just ask Sony.  It has been estimated that Sony will spend more than $170 million dollars due to the recent breaches they have suffered.  Personally, I think that the $170M figure is too conservative.  I expect it to get much closer to $300M than ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on May 31, 2011
  • Managing Technology-based Risks

    Risks exist. You would think that this is so obvious as to not need saying, but too many people appear to operate as though downplaying or ignoring risks has any impact on their reality. That sign announcing “bridge out” isn’t really concerned with how much you believe it or agree with it. It doesn’t care if you are too busy to deal with ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on May 3, 2011
  • Reactive Security: Feel the pain in 2011+

    We are only one third of the way into 2011, but we have had some of the largest information security breaches of the decade – and the trend does not appear to be slowing down. Here are just a few of the biggest reports for the year: http://www.eweek.com/c/a/Security/RSA-SecurID-Breach-Shows-Why-Everybody-Must-Stay-Vigilant-595858/ ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on April 29, 2011
  • Maintaining Good Security Practices

    Security is not just a state of being. We are often called to provide an assessment about our present security posture, and usually, the person asking the question is doing so within a very narrow context – one that they may or may not have shared with you. Answering such a question is difficult at best. Imagine walking up to your doctor and ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on March 31, 2011
  • Lessons from 2009: Functionality still trumps Security

    Yes, you heard me correctly… We still think about personal and corporate security only as an afterthought. Despite all the regulatory and industry compliance that has been created and updated in the past 15 years, as we close out this decade, we are hardly any closer to proactively applying security guidelines in our personal or professional ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on December 31, 2009
  • Why Businesses Standardize on Technology

    I experienced a wide range of emotions as I read this allegedly tech savvy article in the Wall Street Journal, written by someone who is deemed a journalist for reasons which clearly have no basis in reality.  Mostly, I was surprised, because this is not the caliber of information that I expect from a publication such as the Wall Street ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on November 23, 2009
  • Searching for Return on Security Investments

    There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on October 30, 2009
  • Is Security by way of Diversity Still Effective?

    It has long been accepted that Information Security should be implemented in layers: Defense in Depth. The idea being that you should add overlapping protection mechanisms to either stop or slow down an intruder.  To use a simple analogy, if you store valuables in your home, you’re not just going to have a safe to keep them in, but you will ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on September 30, 2009
  • We Have Found the Enemy -- and It Is Us

    I just finished reading a provocative Computer World article about the PCI compliance process, entitled “Will the Real Enemy of Security Please Stand Up?”, and it highlights a common misconception about the role of auditing and auditors in the compliance process. The article is a follow-up to an interview with the CEO of Heartland Payment Systems ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on August 14, 2009
  • The Compliance Trap

    The more things change, the more they remain the same. Almost exactly two years ago, I posted an article about the general organizational obsession with regulatory (or industry) compliance, at the expense of proper information security.  Just today, I read an article on the CIOzone that asks: Does PCI Compliance Work? The point being made ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on March 12, 2009
  • Yes, Security Is Still Important in 2009

    Quite frankly, it’s even more important than it has been in the past.   This morning, I was reading some articles on information security, including news about the Conficker worm.  You know, we haven’t had a really good worm in 3 or 4 years, so it seems that people have forgotten about how dangerous those things can be, and how ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on February 13, 2009
  • Managing Information Security in 2009

    Since the middle of 2008, we have seen an increase in the types and complexity of information security attacks that organizations have been facing. The widespread worms of 2004 and 2005 gave way to the targeted attacks of 2006 and early 2007.  Things quieted down in the latter portion of 2007, as the security industry was able to clamp down ...
    Posted to Talking Out Loud with ASB (Weblog) by Logik! on January 2, 2009