June 2009 Entries

Going dark for a few days

The blog will be dark for a few days while I transport my server and accoutrements from Oklahoma to Seattle, and get it set back up. I'll calculate and publish the data transfer rate of my Chrysler 300C upon my arrival (yeah, it's got a Hemi).

Ten Habits of Highly Effective InfoSec Leaders

I have been doing a lot of thinking lately, given the state of the economy and some of the discussions I've had with many of my colleagues. What I've come to realize is that I have taken a different approach than many of my colleagues when it comes to leadership and Information Security. It's well past time to reinvent the information security field, and reverse the impression that we are the Ministry of No, the buzzkills constantly looking to shut down everyone's chat. Our role is so much more than that. Too often we paint ourselves into...

InfoSec in the Courts

Some interesting infosec cases have come up in the courts recently. Last month, the Supreme Court agreed to hear a case challenging the constitutionality of the Sarbanes-Oxley Act of 2002 (aka SOX). More recently, Wired reports that Merrick Bank is suing PCI QSA Savvis for giving Card Systems a passing grade on a PCI audit just 3 months before Card Systems was hacked, ultimately exposing 40 million credit cards to the intruders. The breach cost Merrick nearly $18M to fend off the resulting fraud, settle claims, and replace compromised cards. While SOX has been a driver of security investments in the years...