April 4, 2011
Epsilon Interactive: A Data Breach That Probably Impacts You

Over the weekend a family member emailed me.  They had received an email from their bank saying that some company...

April 1, 2011
Cloud and Application Security

Recently, I had the opportunity to participate in a meeting hosted by Senator Mark Warner on the topic of health...

March 23, 2011
Facebook and Privacy

The other day I read an interesting article on Facebook and privacy from F-Secure’s blog.  The key point that I...

March 18, 2011
Vulnerability Management White Paper

Recently, I was asked to put together a white paper describing some work we’ve done related to supporting a vulnerability...

February 28, 2011
Tweet of the Year for 2011: What’s Wrong With Information Security

Last week, I read what I expect to be the most intelligent tweet of 2011.  A member of the OWASP...

February 22, 2011
Wikileaks: How I Learned to Worry More…

Wired’s Danger Room blog recently acquired a “Cyber Control Order” penned by Major General Richard Webber, commander of Air Force...

January 25, 2011
NEI Cyber Security Implementation Workshop

Greetings, and happy 2011. It has been entirely too long since we’ve posted an update. In spite of that, I...

November 15, 2010
Pen Testing Versus Vulnerability Assessments

At the end of the first day of plenary sessions at OWASP App Sec DC 2010, there was a session...

November 12, 2010
OWASP App Sec DC 2010 General Recap

The OWASP App Sec 2010 conference ended today. The format and content of some of the talks made for a...

October 11, 2010
Current State of FISMA Part 3: What Is the Target?

So, I’ve rambled a bit in the past several weeks on the current state of FISMA.  You’d think that somewhere...

September 28, 2010
A Follow-up on Quantitative Risk Analysis

The other day Terry wrote a piece on risk assessment, and focused primarily on quantitative assessment.  It brought to mind...

September 25, 2010
A Requirement By Any Other Name….

Since we’ve covered FISMA and NIST recently, I thought it would be a good time to discuss policies, standards, guidelines,...
