<![CDATA[[SecurityRatty] tag: incite]]> http://securityratty.com/tag/incite Tue, 22 Jul 2008 20:00:00 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[Links for 2008-10-08 [del.icio.us]]]> http://securityratty.com/article/d45a6a86a62f0327b9849ed06c8c9316 http://securityratty.com/article/d45a6a86a62f0327b9849ed06c8c9316
  • Job Security Is a Dumb Goal (And a Survey with Some Cool Prizes) | Employee Evolution
  • Symantec Buys MessageLabs | securosis.com
  • Career Advice from the POPE | Security Incite: Analysis on Information Security
    • ]]>     Wed, 08 Oct 2008 20:00:00 +0000 symantec buys messagelabs security incite career advice job security dumb goal employee evolution information security cool analysis Links for 2008-10-08 [del.icio.us]     <![CDATA[POPE Rules!]]> http://securityratty.com/article/0efd3abe24c9f19a5b177dfb1c91d227 http://securityratty.com/article/0efd3abe24c9f19a5b177dfb1c91d227 this sooo made my day today. Mike Rothman "communicates" with P.O.P.E. and produces deep, lasting, impacting insight ("incite?") on career, skills, etc.

    My fave piece: "But ultimately I fancy myself to be a builder and [his new job] gives me the opportunity to build a strong strategy and marketing function." Amen to that! Even though Mike can be a "talker" too, not only a "builder."

    Read it!
    About me: http://www.chuvakin.org
    ]]>     Wed, 08 Oct 2008 11:09:00 +0000 mike mike rothman produces deep strong strategy fave piece builder function skills opportunity POPE Rules!     <![CDATA[Links for 2008-10-02 [del.icio.us]]]> http://securityratty.com/article/4672413537d5aeb1bb2e7df4cb958805 http://securityratty.com/article/4672413537d5aeb1bb2e7df4cb958805
  • Crazy Consolidation Will Continue | Security Incite: Analysis on Information Security
    • ]]>     Thu, 02 Oct 2008 20:00:00 +0000 security incite information security crazy consolidation continue analysis Links for 2008-10-02 [del.icio.us]     <![CDATA[Links for 2008-10-01 [del.icio.us]]]> http://securityratty.com/article/2e61bbf8f65cea7668e676362729b6b6 http://securityratty.com/article/2e61bbf8f65cea7668e676362729b6b6
  • Behavioral Monitoring | securosis.com
  • Dana Gardner's BriefingsDirect: Improved insights and analysis from IT systems logs helps reduce complexity risks from virtualization
  • E-Commerce News: ID Security: New PCI Security Standard Falls Short
  • Enterprise Architecture: From Incite comes Insight...: How many fingers are required to count the number of clueless IT Security Professionals?
  • IT Security: Can We Be Compliant and Yet Insecure?
  • Get Rich Quick With Network Security
  • Rational Survivability: IDS: Vitamins Or Prophylactic?
  • PCI DSS News and Information » Great Expectations?
  • GFOA Treasury Management
  • SANS - Computer Forensics - Top 7 New IR/Forensic Trends In 2008
    SANS Top 7 New IR/Forensic Trends In 2008
  • You Might be a PM if… « Mark Curphey - SecurityBuddha.com
  • Security is not a solution | Computerworld Blogs
    Security is not a solution
  • Andrew Hay » Blog Archive » Secure Life Ep 3
    • ]]>     Wed, 01 Oct 2008 20:00:00 +0000 security security professionals computerworld blogs security network security sans top irforensic trends sans top pci dss news Links for 2008-10-01 [del.icio.us]     <![CDATA[Links for 2008-09-18 [del.icio.us]]]> http://securityratty.com/article/86e32073c65f0bfabc65cd7f102d81b2 http://securityratty.com/article/86e32073c65f0bfabc65cd7f102d81b2
  • Rise up against Mediocrity | Security Incite: Analysis on Information Security
  • invisiblethings' blog: Microsoft executive "rebuts" our research!
    • ]]>     Thu, 18 Sep 2008 20:00:00 +0000 security incite microsoft executive information security invisiblethings research blog analysis mediocrity rebuts Links for 2008-09-18 [del.icio.us]     <![CDATA[Links for 2008-09-16 [del.icio.us]]]> http://securityratty.com/article/5a3a38b2081a3ca466ccd8cb3251f404 http://securityratty.com/article/5a3a38b2081a3ca466ccd8cb3251f404
  • Matt Flynn's Identity Management Blog: Situational Awareness in Logs & Events
  • The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 1) | BlogInfoSec.com
  • The Daily Incite - September 16, 2008 | Security Incite: Analysis on Information Security
    I got an earful from folks in the DLP space about my thoughts on "poor man's DLP," basically the capabilities that come with your email and web gateways that can check for very simple regular expressions and other content matching algorithms. I maintain that for a lot of customers, this is good enough to meet the spirit of the regulations and also to address the most common data leakages. No, this probably won't wash for a Fortune 50 class mega-enterprise. But Joey-bag-of-donuts and his PCI requirements?
    • ]]>     Tue, 16 Sep 2008 20:00:00 +0000 analysis qualitative risk analysis dlp space identity management blog dlp simple regular expressions common data leakages pci requirements situational awareness Links for 2008-09-16 [del.icio.us]     <![CDATA[Links for 2008-09-15 [del.icio.us]]]> http://securityratty.com/article/76641371b3a7f5060624cdd792c7e9cb http://securityratty.com/article/76641371b3a7f5060624cdd792c7e9cb
  • Quest grabs NetPro to strengthen Windows management wares - Network World
    NetPro’s lineup includes tools focused on security/compliance, infrastructure administration and identity/access. Those tools include auditing, backup/recovery, policy enforcement, event log management, Exchange migration, group policy management, health/performance and user self-service password management
  • Are common logging and audit standards emerging? :: SearchSecurity.com.au
  • SaaS market will 'collapse' in two years | Tech News on ZDNet
    Q: Won't people avoid the mistakes of "previous" SaaS incarnations, as you mentioned? A: People are stupid. History has shown it repeats itself, and people make the same mistakes.
  • CRM Outsiders » Blog Archive » Lawson CEO: SaaS Will “Collapse” In Two Years
    I couldn’t disagree more, but than again it was also Harry Debes that predicted that many of today’s Web 2.0, cell phone gadgets would never catch on either. SaaS is certainly here to say. I
  • Nerd News: Eventlog to Syslog
  • (ISC)2 Blog: Event Correlation
  • Speaking of Security... | Blog Entry: Paul Stamp | Correlation is no silver bullet: 1301
    So, when deploying SIEM to improve your security operations, remember that correlation only really works when backed up by real data about what is the biggest problem in your environment, and how that problem manifests itself in the event logs. I call it "working out what type of needles you'll find in your haystack."
  • Systems log analytics offers operators performance insights that set stage for IT transformation | Dana Gardner’s BriefingsDirect | ZDNet.com
  • Sharpening Stones and Walking on Coals | Nemertes Research
    When hunting for a needle in a haystack, after all, making the haystack larger is not an obviously productive course; getting a tool that can assist in the hunt - a magnet, or a metal detector - makes more sense!
  • Search or Destroy | Nemertes Research
    It's not all about security, it's not all about events, it's not all about compliance. All those things are critically important to IT, of course, but even more fundamental is the task of keeping things running.
  • jdm's Blog: How worthwhile is logging?
    Logs are like a warm blanket; verbose logging means you can know what's happening on your systems if you keep up with the logs. At the same time, logs become a burden very very easily, and they are easy to ignore.
  • Rainer's Blog: What is an Event? And what an Event Log?
  • Enterprise Architecture: From Incite comes Insight...: Taming the Documentum Audit Trail
    First and foremost, it is a good security principle to separate log data from the system.
  • Log management is a pain | Thomas Nicholson
    So for an administrator to not care about logs was a shock.
  • thebaumblog » Blog Archive » Life after SIEM. Situational Awareness is next.
    Life after SIEM. Situational Awareness is next.
    • ]]>     Mon, 15 Sep 2008 20:00:00 +0000 logs event logs event log management event log management event log security saas market saas Links for 2008-09-15 [del.icio.us]     <![CDATA[Links for 2008-09-11 [del.icio.us]]]> http://securityratty.com/article/5fc8d88b3db9b7e7ca09f8f03b4c3cd0 http://securityratty.com/article/5fc8d88b3db9b7e7ca09f8f03b4c3cd0
  • OPEN Forum by American Express OPEN » Blog Archive How to Save a Billion Dollars
  • The Daily Incite - September 11, 2008 | Security Incite: Analysis on Information Security
    But I think many security managers are missing the point of what a security management platform is supposed to do. It's about control and automation. The reality is no human can wade through the morass of data that comes out of our security devices.
  • Security Management: A Chicken & Egg Problem - Discovery and management - Dark Reading
    Most enterprises are looking for a product that will solve all of their problems in some sort of off-the-shelf miracle, and when they find out that the currently available tools can't do it, they either postpone their deployment or put them on the back burner.
  • Trusted Computer Solutions Acquires CounterStorm to Broaden Portfolio of Security Solutions: Financial News - Yahoo! Finance
  • Dana Gardner's BriefingsDirect: Systems log analytics offers operators performance insights that set stage for IT transformation
  • Financial Cryptography: Yet more evidence: your CISO needs an MBA
    Yet more evidence: your CISO needs an MBA
  • The Velocity 2008 Conference Experience - Part III - Web Admin Blog
    Logging should be actionable - concise, express symptoms. Anything logged is something fixable. It should be giving you less downtime - shorter time to resolution. Logging takes resources, so make it worth it. Filter down your logs to be concise and actionable. Production logging has different goals from dev/QA logging. You’re looking for problem diagnosis and recovery, and then statistics and monitoring. Insight into what the app’s doing.
    • ]]>     Thu, 11 Sep 2008 20:00:00 +0000 security management platform security management management web admin blog conference experience american express ciso concise mba Links for 2008-09-11 [del.icio.us]     <![CDATA[Links for 2008-08-15 [del.icio.us]]]> http://securityratty.com/article/c3237e147aa048495488e182bb006937 http://securityratty.com/article/c3237e147aa048495488e182bb006937
  • The Daily Incite - August 15, 2008 | Security Incite: Ding dong, SIM is dead? Yeah, not so much...
    My opinion is that the first generation of SIM didn't do what it needed to. It was too hard, too expensive, took too long to see value. There are lots of folks that are working on those issues. Of course, we still aren't there yet, but the industry is making progress. And the biggest reason I don't see the idea of SIM dying (although the implementation will clearly change and evolve) is because CUSTOMERS NEED IT.
  • Lets start the hype engine for 2009
    For the 5th year in a row, I suspect 2009 will be very much like 2008. We are still bailing out the leaky boat with a small cup. Sure, there are new and different attack vectors. And things like "the cloud" are causing us to revisit our general security architectures. And compliance certainly isn't going away as a key issue for security folks everywhere. BUT, maybe in 2009 we can start actually implementing the stuff we bought in 2006 and making sure we are more effectively doing the blocking and tackling that we all know can use some improvement.
    • ]]>     Fri, 15 Aug 2008 20:00:00 +0000 sim folks security folks attack vectors key issue security architectures start security incite leaky boat Links for 2008-08-15 [del.icio.us]     <![CDATA[Links for 2008-07-22 [del.icio.us]]]> http://securityratty.com/article/6e863ea0d836fdb6013ed12bd7b5ccef http://securityratty.com/article/6e863ea0d836fdb6013ed12bd7b5ccef
  • NitroSecurity’s Acquisition of RippleTech | securosis.com
  • Individual Privacy vs. Business Drivers | securosis.com
  • What goes up... (virtualization market) | Security Incite: Analysis on Information Security
  • Incite Redux: Day 9 - Get the jumper cables for DLP | Security Incite: Analysis on Information Security
    • ]]>     Tue, 22 Jul 2008 20:00:00 +0000 security incite information security business drivers individual privacy virtualization market nitrosecuritys acquisition jumper cables analysis incite redux Links for 2008-07-22 [del.icio.us]