SEARCH RESULTS
 
Showing 1-10 of 21 records
 
Expand article

Andy sees the light

2008-07-01 13:40:00 by Allen Baranov, CISSP in Security Thoughts
 
...Andy-It-Guy comes up with some excellent observations He has found an example of what Bruce Shneier calls movie plot security. What is also known as "whack-a-mole" security or knee-jerk reaction. Essentially, something goes wrong and we put in controls in case it happens again. Then something else goes wrong ... we put in something...
 
Tags: whack-a-mole, whack, whack-a-mole solutions, solutions, block specific, turn-key technology solutions, block, mole, technology
 
 
 
 
Expand article

No one ever gets fired for buying Cisco ...

The Article has images
2008-05-23 21:55:48 by HASH0x8b6ce90 in StillSecure, After All These Years
...Andy IT Guy had a good article up today called " You can use any vendor you want as long as it's Cisco ", that talks about people who choose a Cisco solution without really considering if it is the best solution for your own unique needs. Andy was inspired by an article by John Maxwell talking about Henry Ford's reluctance to build any car...
 
Tags: cisco, cisco solution, choose cisco, solution, industry standard, andy, choose, solution based, bet
 
 
 
 
Expand article

CISSP is here to stay! Sorry, Dre.

2008-06-20 11:14:00 by Allen Baranov, CISSP in Security Thoughts
 
...Andy, IT guy's blog. In his blog entry he complains rather tongue in cheek about how many meetings he attends While Andy and I are many miles apart it amazes me just how similar our lives are and, yes, I also spend ages in meetings. On average I spend about 2 hours of my day not in meetings. And I love it. Every meeting that I attend makes...
 
Tags: information, information security position, security, meetings, blog entry, cissp, blog, infosec career, firewall specialist
 
 
 
 
Expand article

Web 2.0 Security - The Beginning of the End or The End of the Beginning

The Article has images
2008-05-29 15:26:12 by Gunnar Peterson in 1 Raindrop
...Andy Steingruebl went to a Web 2.0 security conference and took notes on the ideas and presentations, if you are in infosec and/or developing Web 2.0 apps (that is to say if you are reading this blog), I recommend you read it and chase the links to get an idea of what is viable or not. Now to thoroughly depress/inspire you further let me...
 
Tags: people, software security people, software security, software security team, security, security people, web, security support, architecture
 
 
 
 
Expand article

We're so big and other marketing games

2008-06-27 10:41:01 by HASH0x8b0794c in StillSecure, After All These Years
 
Andy Jaquith had a good post up that I first heard about from Mike Rothman's blog . Andy, fresh off of attending the Symantec Vision conference laments the obligatory "we're so big" slides that find themselves into almost every deck you see. Whether it is for analysts as Andy says or for customers or partners, from the biggest to the smallest,...
 
Tags: vendor revenue reports, vendor, revenue, people, machines andor people, analysts base, obligatory circular diagrams, andy jaquith, analysts
 
 
 
 
Expand article

Henry Ford and Agility (Once you are secured - whats next?)

2008-06-05 14:04:00 by Allen Baranov, CISSP in Security Thoughts
 
...Andy Willingham I have had an idea for a Blog post in my head. But, in my new job, I am very busy and have very little time for Blogging so I left the thought in my head. Today, I had some time and started going through my blog list and saw this article by Jeff Lowder and then I knew I just had to write this article Its amazing how two...
 
Tags: information security, information, henry ford, information security nirvana, henry ford lost, processes, tie processes, information flows, business
 
 
 
 
Expand article

Fun Reading on Security - 4

2008-06-17 11:36:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...Andy "loves or hates it Good advice from Andy IT Guy : "We need to step back from time to time and evaluate what we are doing to determine if it still makes sense." ( more BBC on cloud security , actually interesting. More on the same subject , albeit with a dumb name Breach disclosure laws and security study by CMU, that SANS called idiotic...
 
Tags: security, scada security puzzles, fun, network security, network, security study, pci, pci compliance, cloud security
 
 
 
 
Expand article

Laptop stolen in Royal Bolton Hospital break-in

The Article has images
2007-12-19 15:24:44 by Evan Francen in The Breach Blog
...Andy Morgan, chairman of the health scrutiny committee, added: "I will be asking for a full report to be brought to my committee with regards the storage of personal data by both the hospital and the Primary Care Trust, to reassure the public that all is being done to protect their personal information in Bolton The theft in November is...
 
Tags: confidential personal information, personal information, royal bolton hospital, hospital, sensitive personal information, bolton, information, information security, share patient information
 
 
 
 
Expand article

The New Threat Modeling Process

The Article has images
2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
...Andy Jaquith Now that youve seen the wheel, Ill briefly describe the steps Vision : Consider your security requirements, scenarios and use cases to help frame your threat modeling. What are the security aspects of your scenarios? What do your personas expect or hope doesnt happen? What are the security goals of the system youre building,...
 
Tags: process, threat, process validation entails, threat model, software process diagram, people, people trust boundaries, love threat, hamster wheel