After 9.5 years I have decided to leave Capgemini and try my wings in my own company. On the 1st of January, Hans Hjertsäll and I, together with Ekelöw, a company within the information security business, started Coresafe. We will focus on compliance and security architecture, delivering turnkey-ready PCI DSS infrastructure that is cloud based. […]
Category Archive for 'Business'
I dare you to measure
Posted in Business, Compliance, Security Architecture on Oct 31st, 2011
Today I had a chat with one of my favourite security consultants in the UK. He told me this amusing story about a company where he was supposed to implement EnCase Enterprise Edition. When having a meeting with the network guys about pushing out the software like any other software, the network guys immediately said: ‘No, […]
Don't blame APT, blame yourself
Posted in Business, Computer Forensics, Methodology on Sep 1st, 2011
Not taking the blame has always been a bit of a sport in some organisations. Some of you may have heard of RACI. In some assignments I have used an alternative named RACI-B where I added a column for Blamed. A perfect tool to use to handle the blame game that always follows a breach. […]
How does an infection look like from a user perspective
Posted in Business on Aug 26th, 2011
F-Secure published an article today on how they found the mail and file used to hack RSA. A quite simple hack using social engineering and a standard Trojan named Poison Ivy using a zero day exploit, CVE-2011-0609. The article has an interesting video showing what happens from a user perspective when the computer becomes infected. […]
Security as the Stanford Prison Experiment
Posted in Business, Security Architecture on Apr 30th, 2011
The events currently unfolding at a large car producer point at a specific problem within security: the fear of letting others know. In many organizations today security has a somewhat impenetrable workflow. The board is briefed by the CSO or CIO with only a minimum of information according to “need to know”. Non-security personnel have […]
Knowing everything about everything
Posted in Business, Security Architecture on Jan 23rd, 2011
Even I go on vacations sometimes. This year I was away diving and as any diver I take good care of my gear meaning that I carry my regulator in my hand luggage to make sure it arrives fully functional. I do have to trust my life with it. However, carrying it through security check […]
The Lucifer effect
Posted in Business on Dec 25th, 2010
Most of you are aware of how to solve security problems. One that is harder to solve is how to handle a security department that doesn’t work for the company’s good. It is very easy to blame that specific guy but what if it is the system that is wrong? I recently read ‘The Lucifer […]
I don't believe in probability
Posted in Business, Security Architecture on Nov 30th, 2010
I rather often conduct interviews of potential candidates to start working at Capgemini. One area that often draws my interest is risk analysis and within that there is a specific topic that always interests me: Probability. Ask any security specialist about the probability of a given risk and they answer with low, medium, high or […]
Passion for security
Posted in Business, Methodology, Security Architecture on Jul 11th, 2010
During my years working with security I have met many claiming to work within security: some actually are doing it, some are real jokers and some do not understand what it really is. What I learnt during all these years is that security is really complex; specializing in security means that you have to know everything about […]
The boy who cried ash
Posted in Business, Security Architecture on Apr 19th, 2010
No one in Europe has missed the fact that there is a volcano erupting spewing out ash all over Europe grounding virtually all flights here. This has of course put a strain on a lot of sectors. During media coverage there have been the usual comments but one thing that became very visible this time […]