by Jesper Kråkhede, Sweden
Posted in Security Architecture on Nov 30th, 2010
All over the news is the latest from Wikileaks publishing diplomatic mail from US. The consequences are for others to decide upon. My interest lies in how it could happen. According to what I read in the news there are two main reasons: the possibility to copy material to a CD (I cannot say if […]
Posted in Compliance, Security Architecture on Oct 31st, 2010
PCI DSS is a very interesting compliance framework. It may be very prescriptive describing exactly what to do but when you really understand it you see that it is mainly telling you what to look for in a mechanism and how to measure that it is actually effective. It is here that most companies fail. […]
Posted in Security Architecture on Oct 31st, 2010
Measuring availability and hunt for nines is rather common. It is a common saying that every nine put another zero on the price tag. However, the real question is not how available a solution is but what to do with the last fraction of the percentage. It is all well to reach 99.9% but I […]
Posted in Compliance, Security Architecture on Sep 30th, 2010
Log files are mainly used for investigative reasons but there is a secondary usage of logging and that is performance analysis. Just recently I helped a hospitals surgery to pinpoint where they could be more effective by importing the log files into an analysis tool, using user identity to identify who did what and then […]
Posted in Compliance, Security Architecture on Sep 30th, 2010
One of the most often forgotten mechanisms of all kinds of security practice is tools used for investigation, log files and forensics. It is all good and well to have mechanisms that deter, detect and takes action but if something happens will you know what happened and, more important, who was the one who did […]
Posted in Security Architecture on Aug 9th, 2010
You have surly met them, you know, those trying to describe security as locked doors, and the so old question “Why bother with locking the door when a windows is placed beside it?” I ran into one of those just recently and we had a bit of an argument as he was trying to promote […]
Posted in Business, Methodology, Security Architecture on Jul 11th, 2010
During my years working with security I have met many claiming to work within security, some actually is doing it, some real jokers and some not understanding what it really is. What I learnt during all this years is that security is really complex, specializing in security means that you have to know everything about […]
Posted in Security Architecture on Jun 19th, 2010
One of the most important tools I use when working with security is reference architecture. It really helps me speed up my projects. So what is reference architecture? It is as simple as a visualized description of the best way to solve a problem. So whenever I am to implement PCI DSS, ISO 27001 or […]
Posted in Methodology, Security Architecture on May 17th, 2010
BBC ran an interesting article today regarding how easy it is to take control of a car even when it is in motion. The scientists says that it is a rather difficult attack for the common man but something we all learned is that when it is hard in the beginning soon enough there will […]
Posted in Security Architecture on Apr 27th, 2010
In a Swedish newspaper today they ran a story regarding identity theft. A woman´s drivers license (the main identification in Sweden) was stolen and used to take out credits in here name. They got several thousands of SEK before she finally understood and contacted “Upplysningscentralen”, UC where you block the possibility to take credits in […]