The SAS 70 Emperor Has No Clothes
Oct 2, 2012
A commonly cited auditing standard has little use for cybersecurity. When you put your data into the cloud, you turn over control. Operational responsibility moves to your cloud provider and you also lose visibility. You no longer do the work; you can’t even watch the work being done. However, you are still responsible for its […]
“Security is not a magic cream…”
Sep 20, 2012
So begins a quote we use in our Introduction to System and Network Security course. Too often we view security as an afterthought – something to add to our network or organization. We talk about hardening systems to mean making them more secure. This is totally a backwards approach. We need to consider security and […]
We Need Randomness!
Sep 17, 2012
What is entropy? If you ask a chemist or physicist, entropy is disorder or heat. If you ask an electrical engineer, entropy is both of those but it is also a measure of potential information content. James Gleick’s wonderful book The Information addresses this in detail, but the short version is that an unpredictable data […]
The Derecho Battered Amazon
Sep 3, 2012
I must confess that I had to look up just what a derecho is, but everyone in Virginia in late June experienced a big one. Amazon has a nice summary of the June event. An insurance adjuster would shrug and say “Act of God, nothing we can do”, but Amazon provides a great deal of […]
Password Pet Peeves
Aug 1, 2012
Why am I spending so much time talking about passwords? To begin with it’s because we can’t get rid of them, and that’s my first pet peeve. I know that static passwords (those that must be explicitly set) are easy to implement and use. That makes them convenient. For passwords on the web, I can […]