Despite the significant uptick in information security events on display thus far in 2011, and despite the diversity and caliber of organizations that are being breached, it seems that too many organizations are failing to learn the lessons of the victims. More than...
…that is the question. Every time a software vendor experiences a vulnerability or releases patches for a serious security issue, the debate about Full Disclosure or Responsible Disclosure gains a little more steam. Just how much information should a vendor disclose...
I had a chance to review the 2010 Verizon Data Breach Report today, which I was alerted to by ISC.SANS.ORG. They’ve put together data from 2004 through 2009, and it is quite interesting. These are from confirmed data breach cases. Here were 3 of the scariest stats in...
Yes, we know that information security in an interconnected world is not trivial. We accept that configuration errors or malicious insiders or new, complex threats might conspire to provide opportunities for a breach. But who says that it is acceptable...
Does fulfilling your regulatory compliance requirements actually lead you to be more secure? Will your organization automatically attain compliance by pursuing a strict regimen of security practices? In short, is the quest to be compliant complementary,...
