Tag: Computer security
-
Do as I say, not as I do. RSA, Bit9, Adobe, and others…
So you thought you had everything nailed down. You might have even gone past the “best practice” (which would have driven you to compliance, and your security to the gutter), and focused on protecting your assets by applying the right controls in a risk-focused way. You had your processes, technologies, and logs all figured out.…
-
Security Awareness and Security Context – Aitel and Krypt3ia are both wrong?
It was pretty obvious that after an Information Security persona such as Dave Aitel has posted his “Why you shouldn’t train employees for security awareness” article, there would be a lot of flak from the industry. A lot has been said about training employees to be somewhat more savvy users when dealing with corporate equipment…
-
How great perimeter defenses are hurting you
I have looked for a good example for a real-world security practice that is misconceived and that also applies to information security. Recently I have had a chance to read an opinion article that talks about physical security measures that are put in to protect small populations (read army bases, gated communities, etc…) and how…