Interesting story about a fraud targeting American home owners, linked from Securosis.com. There are a number of aspects of this story that make it very newsworthy. Firstly, the ease with which criminals made use of publicly available information, including fee-based Web databases, to obtain all the data they needed to perform identity fraud. …
Blogs / Stuart King's Security and Risk Management Blog
Latest posts
-
New and old frauds
http://www.computerweekly.com/blogs/stuart_king/2008/12/new-and-old-frauds.html
-
Delhi, security awareness, and pragmatic reporting
http://www.computerweekly.com/blogs/stuart_king/2008/12/delhi-security-awareness.html
Clearing customs and getting out of the airport at Delhi last night was actually quicker than most of my recent experiences at Heathrow. In fairness I was travelling light and it was 2:30am before the aircraft took its gate so the terminal was pretty empty by the time I passed through it. …
-
Building an Information Security Strategy - reprise
http://www.computerweekly.com/blogs/stuart_king/2008/12/security-strategy-reprise.html
Over the past year, the posting on this blog with the single most number of page views is "Building an Information Security Strategy" which was actually posted back in March 2007. When it recently came to updating the strategy document, the first good question to ask was "do we still need to have a …
70 blog reactions
-
The Daily Incite - 11/20/08 - Sleep is good food
http://securityincite.com/blog/mike-rothman/the-daily-incite...
the market and find a partner (like Reconnex), regardless of price. Fact is, Selby's right about one thing. It's a buyers market out there and most of the buyers are looking for big time bargains. How secure is PaaS (platform as a service) options? Stuart King challenges the smart folks that says they aren't ready for prime time with a pretty simple question. Do you think a service provider has better security than you do? Hmmm. That's interesting and also true. Most enterprises are woefully unable to secure their own stuff. I can tell you platform providers spend a lot of
-
Risk Intrigue
http://www.approva.net/audittrail/2008/11/17/risk-intrigue/
Happy Monday, everybody. Have you been reading the lively debate between Risktical Ramblings’s Chris Hayes and Stuart King (whose risk management blog is at computerweekly.com)? It seems Stuart believes Chris’s strategies for risk assessment are impractical. Chris, in a response, takes a stab at explaining how he and Stuart differ on views of risk assessment. Feel free to weigh in in the comments
-
Headlines from the Computer Security Blogosphere
http://viralinks.com/computersecurity
Hope you all had a great weekend. I had meant to point you earlier to a FAIR analysis that Chris Hayes did over at his Blog. But I’ve been a little busy, and before I could mention it, Stuart King put up a kind of angry response on his ComputerWorld blog. Snark aside, there are a couple of other really troubling aspects of Stuart’s reaction to Chris’ analysis that I thought we could talk about this morning. The problem is that (Chris
-
Rational Risk Management, ‘Angry Italians’, and Irrational Security Analysts
http://riskmanagementinsight.com/riskanalysis/?p=520
Hope you all had a great weekend. I had meant to point you earlier to a FAIR analysis that Chris Hayes did over at his Blog. But I’ve been a little busy, and before I could mention it, Stuart King put up a kind of angry response on his ComputerWorld blog. Snark aside, there are a couple of other really troubling aspects of Stuart’s reaction to Chris’ analysis that I thought we could talk about this morning. The problem is that (Chris
-
Fun Reading on Security AND Compliance 9
http://securityratty.com/article/8c92a5eb0e9512d04ed455c88f9...
– will add more as this snowballs. Do you have an “ignorable” security policy? If yours is BOTH “ignorable” and “unfair”, then fuggedaboutit. Cisco survey kinda proves it. A few fun comments are here (“If people can't get their jobs done without having to find a way to circumvent policy then the policy is wrong.”) Risk and clouds – here, here, here and here in poetic form (!). Fun reading, but you know what? For many, many organization, what
-
Anton Chuvakin Blog - "Security Warrior"
http://chuvakin.blogspot.com
it helps people who will otherwise not do anything and their systems will "power" those botnets of the future... While we are on this subject: a really good coverage of PCI 1.2. changes, released Oct 1st. More PCI fun here. And more here ("PCI Compliance - dispelling some common myths"). And, more PCI myths. And more good ideas on PCI from Mike R. Sorry, can't stop thinking about PCI :-) - also this is good. Adrian on behavioral monitoring
-
NHS
http://nhsexposedblog.blogspot.com
bodies replying to FOI requests, 2,887 cards were reported missing, including 1,400 last year alone. Extrapolating from this, the number of missing cards would be closer to 6,000. South Warwickshire NHS Trust was under fire for smart card sharing. Stuart King is even more amusing. For those who do not recall it, South Warwickshire NHS Trust recently wrapped a consultant for passing data from one NHS data base to another NHS database. And there we have it, a brief summary in 20 minutes before I go off and do something more
-
Tony Collins's IT Projects Blog
http://www.computerweekly.com/blogs/tony_collins
held on millions of us? The government's honest answer should be: "We have no idea." So much for internal audit. So much for the Data Protection Act. Links: Our interview with MoD over EDS missing hard drive - IT Projects Blog, 13 October 2008 EDS again? - Stuart King's blog EDS loses personal details of 5,000 prison staff - Computer Weekly Private data on armed forces goes missing - Silobreaker

