Admittedly I'd been a little busy as of late, and one unfortunate casualty has been the blog. Still, I just ran into a perfect illustration of Realistic Security Principle #1:
You cannot design a control that is dependent on the behavior of humans and expect...
At the risk of bringing the wrath of many friends and colleagues, not to mention the entire security audit industry, upon my head, I wanted to write a post on a rather sensitive topic these days.
I swear, if one more person comes to me and asks me about hashing or encrypting data or putting it in a vault somewhere or whatever, just so they no longer have to comply with GDPR then… then… then my brain will explode on them and then they will end up with a...
A few years ago, I called in to Michael Krasney's morning show when he was discussing privacy and Facebook. I suggested the idea that Facebook users should be given the option to "redeem" their marketing value by paying an annual fee to use the service in a more privat...
At EAmmune, we do risk assessments very differently.
That statement could easily be one of our taglines. In all honesty, it's a direct result of my own rather passionate view that the way RAs are generally done is... well... stupid. I don't care what framework you're us...
First of all, sorry about neglecting the blog. As I made yet another posting directly to my LinkedIn profile this morning, I realized that the whole purpose of having this here was to support crossposting.
Here is a little secret about the title of "Why CISOs Fail" which, I believe, comes across as a potentially provocative title. When I started writing it, I actually decided to use the word fail precisely because it seems that, in the business world, it really is a 4-le...
I published my post on this topic in the SSS ("Simple Security Screwups") file yesterday night, but following a quick LinkedIn exchange with the most prominent thought leader on identity theft in the country and probably the world (Mr. Neal O'Farrell), had a few more th...