Themes I picked up at VMworld this year:
Difference between security and compliance
Mixed-mode compliance (burden of proof and segmentation)
Guidelines for compliance practices in cloud
Encryption with key management
Tokens for cloud to resolve latency between web in cloud and DB in private
Automation risks (HAL9000)
Forensics of cloud
Each one of those is … Continue reading VMworld 2010 Recap: SSD Security→
BitDefender says they have a survey that shows over 30% of users who accepted a friendship with a bogus profile are in the IT Security industry. Although it would be cool to jump into this statistic, I do not see any analysis or data on the users that proves they were not faking their own … Continue reading Social Networks Fool InfoSec Pros→
Qualys has sent out a notice of change to how their QualysGuard provides reports for PCI. Within the QualysGuard Consultant interface, you will still be able to run PCI specific scans using the PCI Option Profile. You will also still be able to run PCI pass/fail reports; however, these reports will now be flagged as … Continue reading Qualys scan changes forced by PCI Council→
I wrote earlier about Deputy Defense Secretary William Lynn’s political posturing for influence or control of CyberCommand in the US. I was brought back to this thought after I read an excellent opinion article in The Daily Star called “An obsession with cybersecurity is not what the US needs”. Lynn’s proposals are provocative. But the … Continue reading Civilians giving away too much control of US CyberSecurity?→