
Category Archive for 'Security Architecture'

The scandal in the UK with the tabloid press hacking of voicemail is a rather interesting affair. During the last two years I have discussed the authentication problem in mobile phones. Most of the time the question is how an app should authenticate to a server. I have seen all kinds of solutions and cut most […]


Bag scanning problem

Just back from a wonderful vacation in the US, I couldn't fail to notice how they have implemented physical security screening everywhere. There isn't a theme park without bag check or metal detectors. In this case it is the little word OR that is the culprit. At one park I had to walk through a metal […]


The events currently unfolding at a large car producer point at a specific problem within security: the fear of letting others know. In many organizations today security has a somewhat impenetrable workflow. The board is briefed by the CSO or CIO with only a minimum of information according to “need to know”. Non-security personnel have […]


IAM implementations of different kinds go on at many of my clients and one question I often get is how to handle logging and administrators from an IAM perspective. From the identity point you have one user – one identity. From the security point you have separation of duties and lowest possible access. If you […]


Quite often I am engaged in projects involving creating an information classification. Many times this is seen as security work. However, this is not the case. Information classification is only an economic construct. By classifying information you make it easier to decide what kind of security and which security mechanisms you need. What is then […]


Some of you may have noticed that my blog was hacked twice during February. The first hack was someone entering links for some obscure medical shop in all postings. The second hack was a simple defacing. You could say that it should be embarrassing to be hacked and that I, as a security expert, should […]


Working as a security architect means that I sometimes need to explain what I work with. I many times get the question: ‘Do you make architectures for security technology like IAM and Firewalls?’ The answer is always ‘Yes but…’ So the real question is: ‘What is “but…”?’ To be able to create a security architecture […]


Security by obscurity

Security experts are an interesting breed. Ask them about the effectiveness of obscurity and they will give you a long tale of why it doesn't work. Ask them about the theory of encryption systems and they will tell you that you should always assume that the attacker knows everything. Ask them about their own security […]


Even I go on vacations sometimes. This year I was away diving and as any diver I take good care of my gear meaning that I carry my regulator in my hand luggage to make sure it arrives fully functional. I do have to trust my life with it. However, carrying it through security check […]


I rather often conduct interviews of potential candidates to start working at Capgemini. One area that often draws my interest is risk analysis and within that there is a specific topic that always interests me: Probability. Ask any security specialist about the probability of a given risk and they answer with low, medium, high or […]

