
Category Archive for 'Business'

Losing customers after a breach

I have worked with incident investigations for many years and developed a skill to estimate the costs of a breach with quite some accuracy. One of the hardest to pinpoint is how many customers would actually at least think of taking their patronage somewhere else. This report puts figures on the possible loss. Taking all figures […]


What on earth is AML Security architecture? I sometimes get the question of how you create a security architecture for AML (Anti Money Laundering) and I'll try to answer it here. A loose definition is that AML is a set of regulations dictating that you have to make sure your financial institution does not take part […]


Sitting at a local coffee shop discussing security architecture with a client is sometimes hilarious and sometimes very intriguing. Today I had two meetings regarding possible assignments for creating a security architecture. Both my clients are well aware of what security architecture is and what you need to do to create one but in one […]


Commercial shortcut

If you are a proud owner of a D-Link, your best bet today is to hide in a dark place in shame. At least if you trusted D-Link to make a solid and secure product that is also cheap to purchase. Reading the link, it is pretty obvious that D-Link wanted to provide a simple […]


As some of you may know, at least those of you that have read my CV, I'm a trained social worker and have a keen interest in psychology. I always find it interesting to understand why some organisations manage to protect their information and why some fail. I recently came across a report describing why […]


I sometimes get contacted by CIOs or CSOs that have one single but really hard problem: How can I change my management's attitude to risks? Mostly they have a management that accepts almost any risk if the cost of controls runs high. No matter how the analysis is presented, the cost is still perceived […]


I conduct several risk and vulnerability analyses every month. One part of the deliveries I make is a calculation of the financial impact in case of a breach. This is always a challenge but quite often I manage to get a fairly good figure. The hidden costs of a breach are quite often more of […]


If you have ever been out pentesting, you have probably encountered ‘Don't test our ERP! It is too critical for us.’ Where is the failed logic in that? Looking at growing ERPs like Microsoft Dynamics AX, they have a standard security model that fulfils most of the standard security needs. But let’s say you are a […]


You haven't seen nothing yet

If you think that internet fraud, hacking and so forth has gone down because Anonymous has been crippled and that the NSA has 100% control of who does what on the internet, you need to think again. To be able to commit cybercrime you need a computer, internet access and a set of tools. In short this […]


Encrypting your ERP

Is there any company of size that hasn't got an ERP system today (Enterprise Resource Planning)? During my many years working in the field of security I have seen and participated in many analyses, checks, tests, investigations and whatnots, and in many cases we were instructed to not touch the ERP. It was way to […]
