Musings on Information Security
 

Cute names can't come to rescue

2008-08-23 23:26:05 by RaviC in Musings on Information Security
 
...security project managers who were very good at creating a buzz around their projects. Projects were given fancy names. The funniest project name I have heard was "Baby Rhino". One day I got an email in my inbox with a subject line that said: "Baby Rhino Captured!" The email got my attention, but the project did not gain any extra respect...
 
 
 
 
 

Taming of the Information Security

2008-07-09 06:33:00 by RaviC in Musings on Information Security
 
...information security grows up to become an unmanageable, complex beast. In some cases this happens consciously, where information security goes out of control, but in other cases it happens unconsciously, where a slow but incremental increase in the complexity of information security leads to chaos. The information security...
 
 
 
 
 

Security Function as a Business Enabler

2008-06-27 20:50:00 by RaviC in Musings on Information Security
...Information Security function (as part of IT) as an overhead of an overhead. It is of utmost importance for the security manager to run the security function in a way that enables the business. The various components (sub functions) of the security organization should align with the business objectives of IT and the whole organization. There needs...
 
 
 
 
 

The Order of Diminishing Returns

2008-06-17 21:41:00 by RaviC in Musings on Information Security
...information assets, but soon I realized these firewalls were not configured right and were more a set of fireholes than a set of firewalls. Moreover, the maintenance costs in this type of complex security framework can be humongous. Imagine poor me debugging the firewall rules across these 5 layers of firewalls. But, one thing for sure...
 
 
 
 
 

Application Due Care

2008-02-18 08:55:12 by RaviC in Musings on Information Security
 
...security layers". A truly secure application is a far-fetched statement.

1. What is the application made of? - Complexity
2. How was the application built? - Methodology
3. Where does the application run? - Environment

1. Complexity - Applications are developed using one or more of open source software, third party libraries, re-used libraries...
 
 
 
 
 

Security is Invisible and Customers won't Pay for Security

2008-01-25 19:06:11 by RaviC in Musings on Information Security
 
...Security is invisible. Customers are willing to pay for visible software product functionality but not for secure software product development methodology. Unfortunately, most of the security is in the backend; if security works well, truly, it should be "invisible", and the fact that it is hidden does not motivate customers to pay anything...
 
 
 
 
 

Media and Our Mind - Risk is All About Perception

2008-01-23 07:22:32 by RaviC in Musings on Information Security
 
Dave has an excellent blog post on how media affects our risk perception. Dave Hitz is the founder of NetApp. This is what Dave says: A good risk management plan should take into account hurricanes, lost tapes, lost laptops, and maybe even terrorist attacks, but realistically, headlines typically don't highlight the most important risks. You...
 
 
 
 
 

An interesting Whitepaper on Web 2.0 Security & Fortify Event

2008-01-18 07:40:36 by RaviC in Musings on Information Security
 
...Information Security documentary titled: The New Face of Cybercrime. The documentary was very nicely done, considering the Director Fredric Golding has no background in Information Security. The thought leaders panel discussion was very stimulating. Being an analogy person, I liked the analogy narrated by Howard Schmidt, Former White House...
 
 
 
 
 

Excellent addition to Information Security Blogging Community

2007-11-21 18:43:11 by RaviC in Musings on Information Security
 
My good friend, Muni Tripathi, has started blogging on Information Security. You can read his blog about security at http://muni-on-security.blogspot.com
 
 
 
 
 

Getting vulnerabilities in the application fixed