As some of you may know, at least those of you who have read my CV, I'm a trained social worker and have a keen interest in psychology. I always find it interesting to understand why some organisations manage to protect their information and why some fail. I recently came across a report describing why […]
A lot of public and financial services in Sweden utilise e-identity for authentication of users. In a newspaper in Sweden today there was an article (in Swedish) about a new way of committing fraud using this. In short, fraudsters have managed to acquire an e-identity by applying for a bank account, possibly using false ID. […]
Posted in Methodology on Apr 2nd, 2013
Sometimes you are just amazed at what is happening in the world of security. Almost everyone is aware that when you put a device on the internet, it is scanned within a matter of minutes. A group of researchers wrote a paper about an experiment where they used unprotected devices on the internet as bots to scan […]
The average time to spot a breach is 210 days. That is a terribly high number, as the damage to an organisation is probably a lot higher. A hacker having 210 days to walk around inside the digital vaults of any company surely opens the door to tremendous losses of information and assets. One of the […]
Posted in Methodology on Jan 15th, 2013
There is an interesting story going around the news in Sweden today. A train was stolen by a young janitor. She drove it rather fast into a house. No one was hurt and now the security routines are to be updated. It puts a finger right on a rather important spot in the field of […]
The common user sometimes asks why people bother finding new vulnerabilities and creating Trojans. A number of years ago that was maybe a valid question, but today the answer is very easy: money. And there is a lot of money to be made in malware. A recent Java exploit was marketed for a five-digit […]
Posted in Business, Methodology on Aug 21st, 2012
CSA is short for Child Sex Abuse, a terrible crime that has global attention nowadays. Sadly, those perpetrators exist everywhere at all levels of society. Most of them are only ‘viewers’ looking at CSA material, while a few produce the material. I will not get into a discussion if you want to have those people […]
One way of working with security architecture (SA) and compliance is to use SA as a way to understand the essence of compliance. A few months back I took the time to break down PCI DSS into a number of patterns. Just recently I picked out all PCI DSS requirements and mapped them towards Open […]
Posted in Methodology on Jun 30th, 2012
I just reviewed a risk analysis conducted at one of my clients. One thing that struck me was that this must have been conducted by some accountant with security skills. The risk analysis is adequate and fulfils the goals set, but the analysis in itself is a numbers exercise way beyond what is useful. Numbers upon […]
If you are working within the business, you have probably heard of Flame, a type of highly complex targeted malware active in the Middle East. With Flame emerging, we now have three examples of very complex malware that are able to circumvent many standard security mechanisms. No matter the origin, their existence shows that there is […]