Lessons enterprises should learn from the recent wiki-leak
There has been a lot of discussion around Wikileaks publishing an incredible amount of data which has been classified as confidential by the US Government. I don’t want to discuss this from...
Context-aware, information-centric, identity-aware, versatile
Recently another analyst company had a presentation titled “The future of Information Security is context- and identity-aware”. Yes – but not that new. I remember that we had the context-based...
RSA SecurID again
I blogged last week about the RSA SecurID case. In the meantime there have been several other posts and pieces of advice on that, and I’d like to put together some thoughts from my side about that, looking at what...
Should you learn about fraud from your customers?
Today I stumbled upon an interesting survey. The core result: More than three-quarters of financial institutions learn of fraud incidents when notified by their own customers. The quote I like most...
The Sony case – or how to best ignore security best practices
The data theft at Sony has been in the headlines for some days now. What makes me wonder most is that – from what I’ve read and heard first – even the passwords were stored unencrypted. However, Sony...
Be prepared for BYOD
BYOD: Again one of these acronyms. It stands for “Bring Your Own Device”. You’d also say that it stands for IT departments accepting that they’ve lost against their users. They have lost the discussion...
How to deal with Data Sprawl? Could a sticky policy standard help?
Data Sprawl appears to me to be one of the biggest challenges in information security. And, by the way, Data Sprawl is not an issue that is specific to Cloud Computing. It is a problem organizations...
SAML, SCIM – and what about authorization?
Cloud Computing is just another delivery model for IT services. However, due to the specifics of cloud services like multi-tenancy and many others, requirements sometimes are even higher than for...
Saying that others are wrong doesn’t make a mobile OS secure
Recently, Chris DiBona published a comment (or blog or whatever it is) at Google+ bashing a lot of companies and people in the industry. He starts with “people claiming that open source is...
The value of information – the reason for information security
If you’ve ever struggled with finding the argument for an investment in information security, here it is: According to a survey recently published by Symantec, 40% of the worth of organizations is...
Smarter Security Spending
On Thursday, I was moderating a panel discussion at infosecurity Europe (InfoSec), the leading UK security fair, which hosts a program of keynotes and panel discussions. My panel was titled “Smarter...
KuppingerCole Predictions and Recommendations 2014
On Monday this week, we published the KuppingerCole Predictions and Recommendations for 2014. They differ from other publications of people looking into the crystal ball in one important aspect:...
Why Apple’s culture of secrecy is your biggest risk in BYOD
The news of the bug in Apple operating systems has spread this week. As Seth Rosenblatt wrote on cnet, Apple’s culture of secrecy again has delayed a security response. While there is a patch available...
Real-time Security Intelligence – more than just “next generation SIEM”
Recently a spotlight has been shed on the need for investing in Information Security solutions. The increase in cyber-attacks, the consistently high level of internal challenges, the appearance of...
How to identify attacks? Know your enemies – and what they already might do.
In a panel discussion I had at EIC 2014 with Roy Adar, Vice President of Product Management at CyberArk, Roy brought up an interesting number: according to research, attacks start on average 200 days...