The UltraTech Zone

Yes, you heard me correctly… We still think about personal and corporate security only as an afterthought. Despite all the regulatory and industry compliance that has been created and updated in the past 15 years, as we close out this decade, we are hardly any closer to proactively applying security guidelines in our personal or professional ...

Yes, you heard me correctly… We still think about personal and corporate security only as an afterthought. Despite all the regulatory and industry compliance that has been created and updated in the past 15 years, as we close out this decade, we are hardly...(read more)

I experienced a wide range of emotions as I read this allegedly tech savvy article in the Wall Street Journal, written by someone who is deemed a journalist for reasons which clearly have no basis in reality.  Mostly, I was surprised, because this is not the caliber of information that I expect from a publication such as the Wall Street ...

There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions ...

There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not...(read more)

It has long been accepted that Information Security should be implemented in layers: Defense in Depth. The idea being that you should add overlapping protection mechanisms to either stop or slow down an intruder.  To use a simple analogy, if you store valuables in your home, you’re not just going to have a safe to keep them in, but you will ...

I t has long been accepted that Information Security should be implemented in layers: Defense in Depth . The idea being that you should add overlapping protection mechanisms to either stop or slow down an intruder.  To use a simple analogy, if you...(read more)

I just finished reading a provocative Computer World article about the PCI compliance process, entitled “Will the Real Enemy of Security Please Stand Up?”, and it highlights a common misconception about the role of auditing and auditors in the compliance process. The article is a follow-up to an interview with the CEO of Heartland Payment Systems ...

I just finished reading a provocative Computer World article about the PCI compliance process, entitled “Will the Real Enemy of Security Please Stand Up?” , and it highlights a common misconception about the role of auditing and auditors in the compliance...(read more)

Well, it’s been a while since we’ve had an active zero-day in Internet Explorer, but according to Microsoft Security Advisory 972890, that’s what we’re looking at:  a vulnerability in DirectX that allows for unauthenticated, remote execution attacks via Internet Explorer.  In other words, drive-by attacks. This vulnerability impacts ...

Well, it’s been a while since we’ve had an active zero-day in Internet Explorer, but according to Microsoft Security Advisory 972890 , that’s what we’re looking at:  a vulnerability in DirectX that allows for unauthenticated, remote execution attacks...(read more)

It’s only the second of April, and already I’m dealing with chaos.   And not the kind I expected, either. We’ve all been waiting for Conflicker to do something this month, but so far, nothing has occurred.  This is not a bad thing, mind you, as long as we realize that we need to be equally vigilant about all subsequent ...

The Conficker worm continues to make headlines, not only because it has been so elusive over the past 5 or so months, but because it is configured to do something special on April 1, 2009.  For a disturbingly large number of individuals and organizations, it could prove to be a not-so-happy day. You can read up on the anticipated April 1 ...

The Conficker worm continues to make headlines , not only because it has been so elusive over the past 5 or so months, but because it is configured to do something special on April 1, 2009.  For a disturbingly large number of individuals and organizations,...(read more)

The more things change, the more they remain the same. Almost exactly two years ago, I posted an article about the general organizational obsession with regulatory (or industry) compliance, at the expense of proper information security.  Just today, I read an article on the CIOzone that asks: Does PCI Compliance Work? The point being made ...