Computerworld UK "Beyond the perimeter"

The broken windows economics of IT security

Thu, 11 Feb 2010 11:50:00 GMT

To economists, the term “Broken Windows” refers to the question that if a shopkeeper pays a glazier to repair a broken window at his store, does this deliver an economic benefit to society?

Cyber warfare: Should we be on the cyber offensive?

Fri, 05 Feb 2010 10:28:00 GMT

There is much discussion of the changing dynamics and technologies of warfare but references particularly to cyber warfare have increased recently.

Top 10 reasons your security programme sucks and why you can't do anything about it

Tue, 12 Jan 2010 11:31:00 GMT

In the security industry we like to fool ourselves into thinking that we can materially impact an organisations security posture.

Of pirate movies and movie pirates

Mon, 21 Dec 2009 13:54:00 GMT

I love movies! I love how an idea flashes like lightning from a twinkle in the eye, to paper, greenlighting, storyboard, production and ultimately to a hyper-teraplex a short drive from my house. Well it’s a little more involved than that, but you get the idea.

Note to self: 2009 holiday gift list

Mon, 07 Dec 2009 10:48:00 GMT

Black Friday and Cyber Monday have come and gone. Now it’s time for Amrit Wednesday, or Thursday, or Friday—oh, whatever—to pay our industry back for all the dubious cheer it spread in 2009. Believe me, when it comes to this list, it’s much better to give than receive. Here goes:

Conficker: Isn't this thing dead yet?

Mon, 16 Nov 2009 00:04:00 GMT

I didn’t exactly run out to Toys “R” Us to buy a present when I heard that the Conficker worm was celebrating its first birthday. What we really should have done was smother the little monster in its crib when we had the chance.

Does any of it matter?

Thu, 12 Nov 2009 17:35:00 GMT

The work we do, the toil, the trouble, the late nights reading and mapping and coding to fight against an unknown foe? The testing, the evaluating, the deploying, the constant struggle to make “them” aware of the impending digital apocalypse that threatens our very ability to do stuff, digital stuff, like finding references to Czech novels, posting pictures of giant squid or looking at Goth porn.

2009 The Year of Computing Dangerously

Sat, 24 Oct 2009 01:02:00 GMT

The FBI has just stated that just behind a nuclear bomb and a bomb in one of our cities that an attack on the US computing infrastructure is the greatest threat we face.

Exorcising the PCI demons

Thu, 08 Oct 2009 10:28:00 GMT

Josh Corman, Principal security strategist with IBM Internet Security Systems, is on the record stating, “PCI is the Devil.” He is not alone; there is a fairly large group of security professionals that decry PCI.

Should the US President have the power to turn off the internet?

Fri, 18 Sep 2009 18:18:00 GMT

Currently pending before the US Congress, the proposed Cybersecurity Act of 2009 contains provisions that would give the US President power to “declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network.”

Has technology killed privacy?

Wed, 16 Sep 2009 10:20:00 GMT

There is little doubt that advances in technology have radically changed many aspects of our lives, from healthcare to manufacturing, from supply chains to battlefields, we are experiencing an unprecedented technical revolution.

Tame the compliance beast and challenge those auditors

Thu, 03 Sep 2009 10:08:00 GMT

I was in London not too long ago for a security conference and travel frequently. Quite often the stale, dry cabin air bothers my sinuses so I usually carry a small bottle of saline nasal spray.

The rise of the philanthropic hacker

Wed, 19 Aug 2009 09:31:00 GMT

At first glance, the term “Hackers for Charity” sounds like an oxymoron along the lines of Death Metal Rockers for Bel Canto Opera or Legislators for Public Accountability.

Why do so many companies fail at basic patch management?

Tue, 11 Aug 2009 09:44:00 GMT

It’s hard to know what to make of the initial findings of Rich Mogull’s ‘Project Quant’ survey of patch management practices.

The US cyber challenge wants you

Wed, 05 Aug 2009 14:36:00 GMT

As part of the administrations continuing efforts to actually do something tangible to improve the security posture of US critical infrastructure and to better deal with a severe lack of technical talent the CSIS (Center for Strategic and International Studies) announced the US Cyber Challenge (here) to identify and develop 10,000 cyber security specialists.

Ulcer Du Jour: Enterprise Database Patch Processes

Fri, 31 Jul 2009 09:37:00 GMT

When most people think of software patching, the Microsoft Patch Tuesday process springs to mind as the most widely followed exercise of its kind in the IT industry.

The IT security professional's guide to system management cost savings

Fri, 17 Jul 2009 09:47:00 GMT

Well-intentioned IT security, compliance, and risk management professionals have long known that one of the most effective ways to attract budget dollars for security widgets is to modulate fear, uncertainty, and doubt to senior managers.

When Security Vendors Cry Wolf!

Wed, 08 Jul 2009 11:25:00 GMT

As a former IT industry analyst and current Chief Technology Officer of a security and systems management software company, I spend a considerable amount of time reading press releases, marketing collateral, and news about and generated by our industry.

Client-side virtualisation part III: HAL 9000, hosted virtual desktops, and the Death Star

Thu, 02 Jul 2009 13:56:00 GMT

Systems and security management is difficult, ineffective, costly and becoming ever more so in increasingly distributed, heterogeneous, complex, and mobile computing environments…

Client-side virtualisation episode II

Wed, 24 Jun 2009 12:39:00 GMT

Consolidation is the major benefit or “killer app” for server/data center virtualisation. Standardisation is the major benefit or “killer app” for client-side virtualisation.

Client side virtualisation

Wed, 17 Jun 2009 00:51:00 GMT

To address the increasing cost and complexity of managing dynamic IT environments organisations are trying to understand how to adopt virtualisation technologies. The value proposition and “killer app” are quite clear in the data center, however less attention has been given to the opportunities for endpoint virtualisation.

Myths, misconceptions and half-truths about virtualisation

Wed, 10 Jun 2009 11:37:00 GMT

Thanks to VMware you can barely turn around today without someone using the V-word and with every aspect of the English language, and some from ancient Sumeria, now beginning with V it will only get worse.

Whitehouse cyber security review: What you should do

Mon, 01 Jun 2009 09:32:00 GMT

Early after President Obama was nominated I wrote an open letter to President Obama for actions that I believed the administration would need to take in the first 90-days “Open Letter to Barack Obama: Securing Critical Infrastructure – The First 90 Days”

The top five cyber security myths

Wed, 27 May 2009 10:59:00 GMT

Given the media hype around the Conficker worm, and the constant barrage of alarming disclosure announcements, I thought it would be a good time to take a calmer look at some of the security myths, misconceptions and mistruths that plague the industry.

Is your IT department ready for radical infrastructure changes?

Tue, 19 May 2009 16:38:00 GMT

How have enterprise architectures evolved over the past 10 years and how will it continue to evolve?