Repost: Black Hat Hype Hurts the Risk Management Process

While Black Hat has been notably quieter and less frothy this year, this article (published in 2010) still rings true. Hype damages people's ability to make sound, rational, risk-based analyses of security issues. Reprinted from SearchSecurity.com. Introduction...
Packet Goes Where? The Value of Firewall Naming Conventions

A zillion or so years ago, humans developed writing. This was a big deal for civilization. People could document things like how to get rid of lice, how to defend castles from Huns, and which berries are toxic. Civilization would have quickly succumbed to lice, toxic berries...
PCI: I Find Your Lack of Scope Disturbing

Anybody who has spent more than a few nanoseconds working on PCI compliance invariably has been confronted with the mystical challenges of scope. What is considered in-scope for PCI compliance? How do you limit scope? And what constitutes the Cardholder Data...

All Security is Human

All security is human. I forget where I heard that or read it, but it underlines a simple reality about security. It all boils down to humans and their behavior. Technology, process, compliance, etc. are all tools we have to alter, control, and monitor human behavior....