DDOS Tutorial

A very good tutorial on DDOS attacks, much in the news in the past few months, was posted by the Berkman Center at Harvard University in December.  The research is entitled:  “Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites”, December 2010.  The first part of this report outlines DDOS attacks in general, while…

The future of information technology

We live in a time when information technology is turning everything inside out.  This presents challenges and opportunities for information security professionals.  I had the pleasure this week of listening to a presentation by Michael Rogers at LegalTech in NYC.  The subject of his talk was information technology in 2020.  Mr. Rogers designates himself as…

Learning from the oil spill disaster

I believe that information security professionals can learn from disasters reported in other areas.  After all, the basic security mission of prevent, detect and respond is the same whether the assets being protected are bytes of data or barrels of oil. Yesterday the National Oil Spill Commission released its final report on the Deepwater disaster…

Down the Rabbit-Hole…Again?

The New York Times ran an interesting story on January 5 about a House Republican inviting input from businesses on which regulations were impeding economic recovery.  I am sure the House will get at least a few comments on this topic.  Since I had just finished reading Professor Tim Wu’s new book–The Master Switch–I had…

Ideas on Risk Management

The recent financial meltdown has led me to give some thought to information security risk management processes.  After all, these originated in the financial community in the distant past.  So where does this leave today’s security practitioner?  Are risk management processes for IT security valid?  Are we putting our businesses at higher risk for failures? A recent article…
