CISPA and the Insanity of Information Security Politics

Guess what, I am an idiot. At least where roofing a house is concerned. Unfortunately, this makes me susceptible to less than scrupulous roofing contractors. They tell me that if I try to do it myself, I will nail my hand to the boards, fall off the roof or crush myself under a pile of shingles. My work will be shoddy, the roof will leak, catch on fire and allow bugs to infest my home.

In other words, I am an uninformed roof buyer who can be easily manipulated with fear, uncertainty and doubt. Or as we security people say – FUD.


PCI: I Find Your Lack of Scope Disturbing

Anybody who has spent more than a few nanoseconds working on PCI compliance invariably has been confronted with the mystical challenges of scope. What is considered in-scope for PCI compliance? How do you limit scope? And what constitutes the Cardholder Data Environment, or CDE?

These can be tough questions to answer. First, we need to start with some important distinctions.

Many people conflate the CDE with the PCI scope. In fact, the CDE and what is in-scope for compliance are not necessarily the same.


RSA 2012 Roundup – The Time is Now

With the end of Tony Blair’s speech, RSA 2012 came to a close. Mr. Blair’s speech was interesting, albeit marginally relevant. Mr. Blair is a personable figure who can be rather funny at times. However, the attempt to tie world politics to information security seemed tenuous. Mr. Coviello’s post-speech questions did not help much; they were limp and elicited no real insights.

It has been a few years since I have been to RSA, but I do feel like I got a lot out of the show. Security is happy, vibrant and sometimes laughable. Read on.


RSA 2012 – Thursday – Where are you going with this?

Today was a frustrating day at RSA. The crowd seemed more surly than on previous days. As the week rolls on, the drinking, talking, posing, eating, and tweeting start to take their toll on the #RSAC crowd. As the tweets roll along you can just feel the buzzword exhaustion and outrage burnout. Indignation has turned to bitterness, fear has turned to desperation, and even the self-proclaimed gurus and luminaries are beginning to wonder if they will ever amount to anything.


RSA 2012 – Wednesday – Inspirational with a Chance of FUD

Today went a lot better than yesterday. I felt honest inspiration from the presentations I saw today. However, that does not mean the day was without some drama.


RSA 2012 – Tuesday – Big Data, Big Egos, Total Carnage

Today was the first big day of RSA, and it was cliché on display. Everywhere it was one buzzword piled atop another buzzword. We had three keynote addresses, including the big guy himself, Art Coviello, President of RSA. Here are my day two observations, analysis and commentary.


RSA 2012 – Monday – Innovation Sandbox Analysis

And so begins Anitian’s daily blog on RSA 2012.

Today was a short day at RSA. None of the big presentations started today. I did not get to the show until 12:30PM. My Alaska Airlines flight was pleasant, although the plane continued on to Cabo San Lucas, and I contemplated hiding on the plane and going with it. However, despite all my powers, invisibility is not one I have mastered.

The event I did go to was the Innovation Sandbox. I was very much looking forward to this. It showcased 10 new security vendors, and honestly, they were all pretty interesting. I have documented my analysis of these 10 vendors and their technologies.


Blogging from RSA

RSA is just a week away. We’ve missed the past few shows. But this year, Anitian returns and I will be blogging every night from the show. The security industry is still pretty hot these days, so there should be plenty to write about. I plan on spending plenty of time debunking the FUD spreaders and other frothers. Should be fun.

I have some very interesting meetings lined up. I have a few CEOs and executives that I am going to question. One in particular could make for some interesting drama.

Anyway, stay tuned for more RSA fun.

Andrew Plato

All Security is Human

All security is human. I forget where I heard that or read it, but it underlines a simple reality about security. It all boils down to humans and their behavior. Technology, process, compliance, etc. are all tools we have to alter, control, and monitor human behavior. Security is ultimately about manipulating people into desirable behaviors and discouraging unwanted behaviors.

This is why all security must have at least some respect and consideration of the psychological aspects of security. How people perceive security has a lot to do with their willingness to accept and support it.


Outside (Security) Advice is Sound Advice

Every year the executives of Anitian hunker down in some remote location and hash out our plans for world domination. Okay, we cater in some sandwiches at a coffee shop in Beaverton and try to figure out how to better serve our customers. I am sure we will get to the world domination part some day.

This year was an especially good meeting. I have never felt so positive about the future of Anitian.
