The SAS 70 Emperor Has No Clothes

A commonly cited auditing standard has little use for cybersecurity. When you put your data into the cloud, you turn over control. Operational responsibility moves to your cloud provider and you also lose visibility. You no longer do the work; you can’t even watch the work being done. However, you are still responsible for its […]

“Security is not a magic cream…”

So begins a quote we use in our Introduction to System and Network Security course. Too often we view security as an afterthought – something to add to our network or organization. We talk about hardening systems to mean making them more secure. This is a totally backwards approach. We need to consider security and […]

We Need Randomness!

What is entropy? If you ask a chemist or physicist, entropy is disorder or heat. If you ask an electrical engineer, entropy is both of those but it is also a measure of potential information content. James Gleick’s wonderful book The Information addresses this in detail, but the short version is that an unpredictable data […]

The Derecho Battered Amazon

I must confess that I had to look up just what a derecho is, but everyone in Virginia in late June experienced a big one. Amazon has a nice summary of the June event. An insurance adjuster would shrug and say “Act of God, nothing we can do”, but Amazon provides a great deal of […]

Password Pet Peeves

Why am I spending so much time talking about passwords? To begin with, it’s because we can’t get rid of them, and that’s my first pet peeve. I know that static passwords (those that must be explicitly set) are easy to implement and use. That makes them convenient. For passwords on the web, I can […]
