Improving the ROI of SIEM, logging and security monitoring

Major security incidents are very rare in most organizations. They are typically a three or even six sigma event, way down on the long tail of possible events. Like most other events that fit this profile (e.g. a correlated fall of 10% or more in the share market), they can also have a major impact on an organization, even leading to bankruptcy. As the global financial crisis showed us, though, these events, called Black Swans by Nassim Taleb, do happen, and often not in the way we think they will. Unlike in financial markets, while these events seem ideal for risk transfer, insurance will not help restore your brand.

This is the reason that most companies invest money in a security department, process and technology (OK, it is really regulation, but let's say it is partially prevention, detection and recovery from security incidents also). Security monitoring is often seen by regulators and auditors as a key control in a holistic and effective information security strategy. However, it is difficult to prove the Return on Investment (RoI) on security monitoring for most organizations, and even Risk Reduction on Investment (RRoI) is difficult to quantify. This post is about some simple strategies to improve that visible RoI.

Rich vs thin client 2.0? Native app or mobile web app for your business?

Mobile Internet usage continues at breakneck pace, and just like when the Internet was emerging in the 1990s, virtually all businesses, from start-ups and small and medium businesses to the largest blue-chips, are examining (or should be examining) how best to get a piece of the pie. One of the first questions faced when answering this is whether to build or buy a mobile web application or a native application. As always, both have their advantages and trade-offs, and I thought the Wired article was not very useful, so I thought I would write this.

Beating crackberry: if Apple, Google and Microsoft were serious about enterprise smartphones

There is a lot of interest from corporate users in the iPhone, iPad and Android devices, and maybe even the Windows mobile 7 (we will wait and see); however, Apple, Google and Microsoft are yet to really break the RIM stranglehold on the enterprise market. There is really only one thing that is holding them back.

This article adds to my post on securely deploying iOS and Android devices in the enterprise.

Lose your phone not your mind: recovering from a lost or stolen iPhone

A friend of mine recently lost her iPhone at Oktoberfest, and it reminded me that many people are unaware of simple measures they can take to make their phone simply a temporary vessel: if the current body is killed, simply download and reboot in a new one (OK, too much BSG).

These tips are very iPhone-centric as that's what I know, but I'm sure they would not be very hard to replicate on an Android or other smartphone, as most are related to web apps. If anyone wants to add some of the ways of doing the same for their smartphone in the comments, or send me the link to their blog, I will include it in the article. Also, it is Windows-centric; I'm sure all this is easier on a Mac, and any port to the Linux world would also be appreciated.

Legally blond: why you do not need a 50 page security schedule

As business increasingly moves to purchasing IT as a utility from the cloud, and more IT is outsourced and purchased as a service, there is a corresponding increase (perceived or actual) in risks relating to supplier security. A security incident at an outsourced provider and the concerns over IT being “out of my control” are a worry for many companies and may be holding them back from realising the cost and scalability benefits on offer. Having security clauses in a legally binding contract is one of the main mitigations for this risk. However, I believe most companies either ignore security completely in the contracting process, or go too far the other way with a massive security schedule that attempts to cover every possible contingency. This is an attempt to present a risk-based middle path.

