During the recent podcast I did with Rich, I made a couple throw-away comments about the selection of Melissa Hathaway as cybersecurity advisor. A lot of ideas went into those comments and a few articles that I have read that brought to the fore several issues I have had ideas rolling around in my head for the last couple of years. In fact I have written this post a couple of times over the last year and deleted it because I thought it would be perceived as too political. My goal is not…
Off-topic post …
My wife is constantly reading about the banks and lending institutions, and likes to read to me every gory detail she learns. Occasionally I do listen. About a month ago she made the comment “If the banks do go under, we’ll have to go back to cash. That will be strange.” I thought about it for a while and I realized just how true that was. I seldom carry cash. I do a lot of my shopping on the Internet. Can’t really do that with cash very well. I used the credit card for…
Securosis has expanded. Just got an email from Rich:
“Say hello to Riley Marie Mogull. 6lbs 15oz. Sharon made it without meds- she’s my hero”
It’s Friday again and time for the summary. It’s been a yin & yang kind of week for me, with mixed blessings and curses all around.
I was getting a little excited when I read this article over at NetworkWorld about how the PCI council will be releasing a prioritized roadmap for companies facing compliance. It’s a great idea- instead of flogging companies with a massive list of security controls, it will prioritize those controls and list specific milestones.
While both Rich and I predicted this would happen, I admit I am still slightly surprised: Netezza has acquired Tizor for $3.1M in cash. Netezza press release here, and while I do not see a press release issued from either vendor, xconomy has the story here. Surprising in the sense that I would not have expected a data warehousing vendor to acquire a database monitoring & auditing company. My guess is it’s the auto-discovery features that most interest them. But like many companies that…
Just ran across this article on workers “stealing company data” on the BBC news web site. The story is based upon a recent Ponemon study (who else?) of former employees and the likelihood they will steal company information. It turns out that most of those polled will in fact take something with them. The Ponemon numbers are not surprising as this tracks closely with traditional forms of employee theft across most industries. What got me shaking my head was the sheer quantity of FUD being thrown…
Had a very interesting call today with a client in the pharma research space. They would like to protect clinical study data as it moves to researchers’ computers, but are struggling with the best approach. On the call, I quickly realized that DLP, or a content tracking tool like Verdasys (who also does endpoint DLP) would be ideal. The only problem? They need Windows, Mac, and Linux support.
A month or so ago I was invited by Jeremiah Grossman to help judge the Top 10 Web Hacking Techniques of 2008 (my fellow judges were Hoff, H D Moore, and Jeff Forristal).
Last Friday Adrian sent me an IM that he was just about finished with the Friday summary. The conversation went sort of like this: