Cyber Spaces

By Daniel Blum

Microsoft still trying to change the game

02/19/07

The assertion that "Vista is light years ahead" of Windows XP on security kicked off a storm of e-mail at the Burton Group.

PatchGuard and Windows security circus

11/24/06

Here's a metaphor for the future of Windows security: Microsoft and the industry are two acrobats on a tightrope with no net. The trick is to meet in the middle, shake hands and maneuver around each other.

Accountability is best recipe for compliance

09/11/06

Compare the confusion of implementing regulations, such as the Sarbanes-Oxley Act, with the clear results of breach disclosure accountability legislation, such as California Senate Bill 13. AOL, with its recent search data debacle, is the latest organization to have its data breach paraded across front-page headlines. Before AOL came the Department of Veterans Affairs and CardSystems.

Imperfect storm needs full-spectrum defense

07/10/06

Defense in depth is failing. As cybercrime mounts and attackers exploit the spectrum of technical and managerial weaknesses, companies must adopt a full-spectrum defense.

Authentication: Where's the magic factor?

04/24/06

As cybercrime threatens online banking security and technologists debate the efficacy of two-factor authentication solutions, business and technical questions remain.

Security needs cross-organizational buy-in

02/06/06

As the new year begins, one thing is clear: The information security discussion needs more constructive involvement from upper management and business unit leaders.

Out of the crossfire, into deployment

08/01/05

When running a federation project, users (unlike analysts) don't want to get caught in the crossfire. Keep the trust fabric simple, working with current partners first and turning to industry trust frameworks (such as the Federal E-Authentication Initiative) for broader deployments. Perform risk analysis, protect user privacy and involve stakeholders, such as application owners and general counsel, early in the process.

Risk management, controls key to SOX

05/02/05

SOX 404 itself is unlikely to go away. Companies should treat its mandate as an opportunity to strengthen risk management, information security and compliance to a growing body of regulations - not just SOX.

More