Network World

Security Strategies Alert

Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.

Security news and resources from Network World.
Pushing for software quality assurance
03/17/10
In my experience, some programmers and program development managers resist investing time in software quality assurance (SQA). In a recent research article on "Resistance Factors in the Implementation of Software Process Improvement Project in Malaysia," from the Journal of Computer Science 4(3):211-219 (2008), the authors summarized extensive published research on why people resist SQA. Experts have found that there are several categories of stumbling blocks to integrating SQA into the software development process (Table 1, p 213):
Practical priorities in PCI DSS logging
03/10/10
PCI security guidance mandates not only the creation of logs and retention, but also their review. It is essential that your logging policy and procedures cover such daily review tasks, whether using log management tools or manually.
PCI DSS logging: A must for compliance
03/08/10
The PCI DSS continues its march from the largest to the smallest merchants, affecting the way thousands of organizations approach security. PCI DSS applies to all organizations that handle credit-card transactions or that store or process payment-card data.
Software development and quality assurance
03/08/10
SQA must aim to uncover all program problems even though in practice, that's not possible for most programs. At best, we are reducing the likelihood that defective programs will enter production. Since the cost of rectifying errors grows by about ten times with each stage of development, it's sensible to incorporate SQA at every step of the system development life cycle.
Texting on mobile phones while driving
03/03/10
In October, the U.S. federal Department of Transportation, supported by an executive order from President Obama, announced plans for a nationwide ban on texting while driving.
Texting on mobile phones while driving: Duhhh
03/01/10
Alyssa Burns was driving on Iowa Country Road 800N on June 25, 2009. The 17-year-old was a good student and was popular among her schoolmates. She was also driving in the wrong lane while she was texting a conversation on her mobile phone – and had not buckled her seat belt – when she swerved into the ditch and died. http://desmoines.injuryboard.com/automobile-accidents/fatal-choice-texting-while-driving.aspx?googleid=265820
Regulations and resolutions of talking on mobile phones while driving
02/24/10
Driving while talking on mobile phones is dangerous, as I explained in the previous column. In this column, I review some resources for knowing what various jurisdictions in the U.S., Canada and Europe have decided about the practice.
Documented dangers of talking on mobile phones while driving
02/22/10
It seems to me that there's been a lot of newspaper, radio, TV and even Network World coverage in this past year about the dangers of talking on mobile phones while driving.
Is there a best certification?
02/17/10
There is no best tool for an undefined job. Nobody can rationally decide whether a hammer or a power drill is the "best tool" without specifying what job the tool is supposed to do. So it is with certifications.
Mandatory certification & licensing for IA professionals
02/15/10
In this fourth article in this five-part series, I look at the controversy surrounding U.S. government proposals for mandatory certification of security professionals.
Context for discussions of mandatory certification
02/10/10
In this third article, I look at the wider context of certification and licensing for a range of professionals in the United States and point to the efforts beginning in the early 2000s to force certification for IA officers in the US Department of Defense.
More evidence of value of security certification
02/08/10
This is the second of five articles discussing the benefits (if any) of security certifications in the job market. In the first article, a number of studies suggested that certifications do indeed improve prospects for hiring and higher salaries.
Do IA certifications improve hiring, promotion & salaries?
02/03/10
The economic doldrums that struck the US and the rest of the world in 2008 and 2009 are not over yet, although the New Year brings hope of recovery.
Fact, fiction and the Internet
02/01/10
In their simplest form, many social networking sites are not much more than online diaries. Whether you're thinking of Bridget Jones or Adrian Mole, Alan Clark or Samuel Pepys, most of us realize that a diary is just someone's personal view, and not a reliable source of indisputable information. Most of us except for financial institutions, that is, or so it appears.
IMPERVAious to common sense
01/27/10
In December 2009, 32 million passwords stored without encryption on the Rockyou.com Web site were stolen and published on the Web for anyone to see. The security firm IMPERVA published a thorough analysis of these passwords to see how a large sample of users – not just those responding to a survey – actually manage their personal authentication.
Informing victims of identity theft
01/25/10
Until recently, information assurance (IA) personnel and attorneys specializing in this area of the law have had to search for the appropriate governing laws for each jurisdiction. In this column, I review a valuable resource for locating the laws which apply to disclosure of personally identifiable information (PII) in each state in the United States and internationally.
IC3 includes identity theft in statistics
01/20/10
Identity theft has been a major and growing problem in the United States for several years. The Privacy Rights Clearinghouse, a "nonprofit consumer organization with a two-part mission -- consumer information and consumer advocacy" has an excellent survey page with pointers to years of published studies and point-form summaries of many of their findings.
Windows 7 troubles and business continuity
01/19/10
Do you ever simultaneously feel like an idiot and also grateful that you've done at least something – anything – right?
Pirate's cove: Defenses
01/13/10
This final article in a series of four articles examines issues of defense against cyber pirates. In laws and regulations, distinctions are not made between passive defenses, such as firewalls, anti-malware and other conventional defenses, and active defenses such as counter attacks. Perhaps such distinctions are necessary.
Pirate's cove: The eastern havens
01/11/10
This third in a series of four articles by Kathleen E. Hayman, Michael Miora, CISSP-ISSMP, FBCI and Allen P. Forbes discusses the environment or climate affecting the activities of cyber pirates and privateers.
Pirate's Cove: The western havens
01/06/10
This is the second in a set (see part 1) of four articles by Kathleen E. Hayman, Michael Miora, CISSP-ISSMP, FBCI and Allen P. Forbes that examines the threat of cyber crime in business-to-business (B2B) activities. This part presents some top-level findings and analyses about the environment or climate affecting the activities of pirates and privateers in North America, Europe and the former Soviet Union.
Pirate's Cove: Setting the stage
01/04/10
The need for protection against cyber crime is ever increasing, especially considering the volume of personally identifiable information (PII) and financial transactions which corporations and financial institutions manage on a daily basis.
Internet addiction in China: Some teens harshly treated
12/23/09
Internet growth in China has been phenomenal. According to the Miniwatts Marketing Group's "Internet World Stats," between 2000 and 2009, the estimated number of Internet users in the People's Republic grew from 23 million to 338 million and the penetration percentage grew from 1.7% to 25.3%.
Debate over Internet "Addiction"
12/21/09
Kimberly S. Young is a clinical psychologist who has been working on what she calls Internet addiction since the mid-1990s.
Internet habit? Dependency? Addiction? Pop psychology?
12/16/09
The popular press is full of articles braying news about Internet addiction; try typing "Internet addiction" into the search field of your favorite search engine and start browsing. A Google search in mid-December brought up 768,000 English, French and German pages on the topic.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.
