“You keep using that word. I do not think it means what you think it means.” — Inigo Montoya from the movie, The Princess Bride. NASA had a laptop stolen with about 10,000 employee records on it (remember that number 10,000; it comes up below). The laptop was not encrypted. Here is what the NY …
Monthly Archives: November 2012
Tellers of tales and debunkers of myths
Tellers of tales and debunkers of myths. An organization needs both. You need someone who can “weave a yarn”, “tell a tale”, “paint a picture with words”, etc. But you also need someone who “lets” facts get in the way of those myths. Marketing and sales folks need to be tellers of tales. And this …
Of codes and pigeons
If ever there was a time when I absolutely wished I was more an expert in cryptography, this is it: http://www.nytimes.com/2012/11/24/world/europe/code-found-on-pigeon-baffles-british-cryptographers.html?hp
Reflections on certification, part 1
In his essay, “Disabling Professions”, Ivan Illich writes, “Let us first face the fact that the bodies of specialists that now dominate the creation, adjudication and implementation of needs are a new kind of cartel….Professionals assert secret knowledge about human nature, knowledge only they have the right to dispense.” When he wrote the essay, certifications …
Most e-mailed article
This morning’s most e-mailed article in the on-line version of the New York Times is Nicole Perlroth’s “how to devise passwords that drive hackers away”. It is a somewhat apocalyptic piece that assures you you will get hacked and provides some standard advice (“forget the dictionary”) on constructing and managing strong passwords. http://www.nytimes.com/2012/11/08/technology/personaltech/how-to-devise-passwords-that-drive-hackers-away.html?src=me&ref=general It leaves …
Be the change you want to see in your password
Widespread skepticism about the strength of single factor authentication increased dramatically as it actually became single factor. One of the things about authentication is that it is often described in a vacuum, as if the user were in a lab. Even in popular culture, this is known/shown to be unrealistic. There are scores of movies …
Originally posted on {Cyber Security}:
An organization needs both. You need someone who can “weave a yarn”, “tell a tale”, “paint a picture with words”, etc. But you also need someone who “lets” facts get in the way of those myths. Marketing and sales folks need to be tellers of tales. And this does not…
Reflections on certification part 1.5
Looking forward to December 8, 2012. I’m going to take the Certified Information Security Manager exam from ISACA (I’m already a CISSP and thought I’d expand the letters to the right of the comma after my name). I know COBIT pretty well and so I know what I expect from ISACA. In general, they structure …