Sunday, June 21, 2009

Are regulations an enabler?

IT governance does include regulations and policies, but they are just a subset and shouldn't be seen as a control over IT initiatives.

Monday, June 15, 2009

Heartland's new focus: Information Sharing

After end-to-end encryption, Heartland is now focusing on info sharing! The result = PPISC (Payment Processing Information Sharing Council). I don't think forming new associations or groups is a solution. The focus should be on identifying leading risk indicators and designing controls so no threat could exploit those vulnerabilities. Anyway, here is Carr's introductory statement (I like his dedication, though!):
Robert O. Carr, chairman and chief executive officer of Heartland Payment Systems™, one of the nation's largest payments processors and a new member organization of FS-ISAC, believes formation of the PPISC is the most effective way to foster communication among payments processors. Carr, a strong advocate of industry collaboration, has been talking to many payments processing leaders about working together to fight cyber criminals and encouraged the formation of PPISC.

Sunday, June 14, 2009

Crypto attack puts digital sign hash on collision course

The researchers at USydney broke the SHA-1 algorithm in significantly fewer tries, which may put digital signature attacks well within reach.
The new attack technique combines what's known as a non-linear differential path with a boomerang attack. It decreases the cost of a collision attack by a factor of more than 2,000 compared with previous methods. The paper has not yet been peer reviewed.

Wednesday, June 10, 2009

Tech vs. Human Controls

Technical controls, once designed, operate as intended for several years, whereas human controls need to be trained on a regular basis.

Follow me on Twitter @an_gl

Tuesday, June 09, 2009

Current State of Security

Attended Marcus Ranum's session on current (and future) state of security. It was a pleasure to meet him in person.

Sunday, June 07, 2009

Thoughts on NIST 800-53

Just finished reviewing the final rev of NIST SP 800-53. My take: an approach towards harmonizing FISMA with industry standards like ISO 27001/2.

Securing communication

The explosion in system-to-system and human-to-human communication is ballooning the size of the mesh, which is the most critical thing to secure.

Monday, June 01, 2009

First step: define metrics

It's critical to define metrics to know if we're doing a better job, whether it's for securing a company network or the country's infrastructure.