I have long held that the prime objective of a security practitioner is to protect the Crown Jewels that reside within a data source. It is necessary to assess our controls put in place to thwart threats to our data sources. It is vital that we construct the new perimeter directly around those databases. Gone are… Read More
@CDMmedia looking for Cloud Co…
@CDMmedia looking for Cloud Computing standards? Check out opencloudconsortium.org. Don’t relegate security to the dust bin, get educated!
Daily Digest for August 31st
mdpeters: When business and information security are aligned, the true value of security will be apparent.
mdpeters: In the debate concerning insider versus outsider information security threats, consider any connection to data as an outsider threat.
mdpeters: @CDMmedia BI education seems to be the biggest utilization hurdle. This is true holistically, not just… Read More
KISS – Keep It Simple Security – 2009090101
I was reading the latest report published by Deloitte titled “The 6th Annual Global Security Survey.” I did enjoy the survey results and I do intend on using a portion to help shape my general information security strategy in my practice. Certain fundamentals are always sound and always obvious. One quote that I’ll comment on… Read More
In the debate concerning insid…
In the debate concerning insider versus outsider information security threats, consider any connection to data as an outsider threat.
When business and information …
When business and information security are aligned, the true value of security will be apparent.
Daily Digest for August 31st
mdpeters: On the way to the CIO Finance Summit at the Scottsdale Arizona Four Seasons to represent the security community.
mdpeters: New blog post: Juris Doctor 52 of 215 https://michaelpeters.org/?p=767
On the way to the CIO Finance …
On the way to the CIO Finance Summit at the Scottsdale Arizona Four Seasons to represent the security community.
CIO Finance Summit 2009
I’ll spend a few days in Scottsdale Arizona attending the CIO Finance Summit. I received an invitation to be a guest panelist for financial services information security. This will be the second time attending a CDM Media event. I’ll meet again with many of my counterparts from around the industry and make some new connections… Read More
Social Computing Guidelines
I have added a new governance document to the HORSE wiki that provides an example of a social computing and networking employee guideline. It is located here: http://lazarusalliance.com/horsewiki/index.php/Social_Computing_Guidelines Like so many of my corporate information security counterparts, the explosion of public applications available and the massive participation presents a new challenge in the presentation of… Read More
Daily Digest for August 19th
mdpeters: New blog post: Progress made towards information security https://michaelpeters.org/?p=733
Progress made towards information security?
When the Cyber Czars and CISOs get a seat at the big table, in a normal chair, rather than a high chair, global society will not gain traction towards appropriate information security. We will continue to be reactive and not proactive.
Laws of Power – 27
Play on people’s need to believe to create a cult-like following: people have an overwhelming desire to believe in something. Become the focal point of such desire by offering them a cause, a new faith to follow. Keep your words vague but full of promise; emphasize enthusiasm over rationality and clear thinking. Give your new… Read More
Laws of Power – 17
Keep others in suspended terror: cultivate an air of unpredictability: humans are creatures of habit with an insatiable need to see familiarity in other people’s actions. Your predictability gives them a sense of control. Turn the tables: Be deliberately unpredictable. Behavior that seems to have no consistency or purpose will keep them off balance, and… Read More
Laws of Power – 14
Pose as a friend, work as a spy: knowing about your rival is critical. Use spies to gather valuable information that will keep you a step ahead. Better still: Play the spy yourself. In polite social encounters, learn to probe. Ask indirect questions to get people to reveal their weaknesses and intentions. There is no… Read More
Corporate Records: Voice-mail
As electronic discovery matures to meet the ever-changing technology landscape, it is incumbent upon the information security practitioner, forensic investigator, General Counsel, or others responsible for the discovery, acquisition, processing, preservation, and presentation of electronic records to keep swimming or risk drowning. There should be no illusion that voicemail would be considered an electronic record… Read More
Social Networks and Social Engineering
I’ve commented occasionally about social networking sites and appropriate content posted therein. I’ll share an article I read on a favorite news site. It is an amazing abuse of authority in my opinion. It also demonstrates the hazards of what could happen when low-tech mentality bludgeons high-tech. Original URL: http://www.theregister.co.uk/2009/06/18/american_burg_and_facebook/ US city demands FaceSpaceGooHoo log-ins… Read More
Cloud Computing: Part 2
Internet information exchange and commerce has matured to the point that we cannot imagine how we would run our businesses without technology anymore. We have created elaborate systems and constructed solid disaster recovery and business continuity mechanisms to protect our digital assets. Until recently, these Internet facing systems have resided on dedicated computers that we… Read More
The lines are blurring
The legal profession, in one form or another, has existed for thousands of years. As with any activity, experience and practice help us become more proficient, more accurate, more profound. Information security and regulatory activities are relative newcomers in the holistic picture. These pursuits also require vigilance and practice. An interesting phenomenon I believe is… Read More
Participating in the FST Finan…
Participating in the FST Financial Services Technology 8 Summit this week as an Information Security ILM guest panelist.
Care and feeding of http://laz…
Care and feeding of http://lazarusalliance.com/horsewiki/ the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki.
Financial Services Technology – FST US 8 Summit
I’m looking forward to the Financial Services Technology FST US 8 Summit taking place April 15th-17th 2009 at the Lansdowne Resort, West Virginia. I’ll be a participant in their information security identity and access management infrastructure forum as a guest panelist which should be a good experience. More to tell during the week as the… Read More
Incorporation
The former Lazarus Alliance Incorporated is being reorganized as Lazarus Alliance LLC. The corporate focus will continue to be Information Security and Compliance consulting services, but we will gradually be adding Legal services. In time, I intend on offering premier comprehensive international services focused upon information security. Basically, lawyers who are actually technically savvy. The… Read More
Juris Doctor 32 of 215
I’ve been playing catch-up this week. I took two days off from my day job to spend time with my daughter Moriah while she was in town for a visit. By my estimations, I am about four days behind where I normally like to be. Next week will be tricky since I’ll be travelling to… Read More