New, expanded wiretapping rules are being discussed. What privacy issues does this raise? What are the other personal liberty implications of such rules, the differences between monitoring voice and data, and some potential solutions that balance national security and privacy requirements?
Farming at work: social media in the enterprise
How do you make social networks safe for work? Also some key risks and strategies for tracking productivity. Joins my recent article on the Twitter virus and previous article on data loss prevention.
Twitter hacks: lessons for users and Twitter
What are the risks, to both consumers and companies, of social media-borne hacks, attacks, malware, etc.? Was this latest Twitter attack a wake-up call? Also, what users could do to protect themselves and what Twitter could do to avoid future incidents.
Security metrics: If you do not measure something why even bother doing it?
If those in the IT/information security industry applied the principle of "if you do not measure it, why even bother doing it", we would all be out of a job! This especially includes all those CISOs and top management: going to meetings and conferences and replying to emails provides no value unless you can measure it and demonstrate where it does. Security metrics is relegated to the trough with awareness and policy, usually pushed to the new starter or female (just j/k) in the team. This is unfortunate, though, because if there is one thing that the success of something like Google AdWords and the revolution in A/B testing should have taught us, it is that there is great value in being able to measure the effectiveness of something. There is a good reason why you are not considered Capability Maturity Model (CMM) level 4 until you can measure how well your process or capability delivers the desired results. The old adage still holds true: you can't improve what you cannot measure.
There are plenty of articles on security metrics, but this one, true to form, will be simple, practical and contrarian. Although according to Jennifer from securitymetrics.org, "I am not sure there is much contrarian in the post, other than that a random engineer will be better at security metrics than a security person. That may be worth a lightning". Other than "WTF is a lightning?", maybe it is not contrarian but just common sense, though definitely not as common as I would like to see. Read on...
Privacy in an Age of Augmented Humanity
This joins my other privacy- and identity-related articles: social location services and a review of corporate identity management against the identity laws.
Your data centre has just blown up
This joins my other non-security pieces: a smarter, more social bank; preparing for Chrome and living without Windows; and turning bankers into engineers in a decade.
I wrote this as a response to a question on Help a Reporter on my iPhone on the tube returning from work, and thought it may be of interest to you also.
3 Million reasons to encrypt your Blackberry
This is another chapter in the lessons learned series, joining: email encryption, removable media control and Data Loss Prevention (DLP). It is also a companion piece to securely using iPhones, iPads and Android devices in the enterprise.
Ten years ago, and maybe even five years ago in some countries, laptop whole disk encryption and removable media encryption would not have been a priority. After a number of high-profile data losses, including a £3 Million fine by the FSA of HSBC for losing customer data, most organizations view this as a critical security control, one of the few that needs to be explicitly specified in contracts.