[SecurityRatty] tag: discusses

Rexam Global CIO Paul Martin discusses packing it up

Mon, 01 Dec 2008 21:00:00 +0000

Paul Martin is talking about his plans to head back home to the US when we meet in London on a bright autumn day at Rexam's very smart offices by the Thames on Millbank, just a short walk to the Palace of Westminster in one direction and the Tate Britain art collection in the other.

Speaking of Security Podcast #128

Mon, 10 Nov 2008 21:00:00 +0000

Click to Download/Listen (07:52)

In today's Speaking of Security Podcast we're talking to RSA customer, Kurt Roussell, Manager, Revenue Protection at We Energies (a subsidiary of Wisconsin Energy). Kurt discusses his strategies for thwarting identity theft at We Energies and his approach to the new FACTA regulations.

Q&A: Mobile Forensics

Mon, 27 Oct 2008 16:44:51 +0000

Aviad Ofrat is the CEO of Cellebrite and in this interview discusses mobile forensics as well as the Universal Forensic Extraction Device. In your opinion, how important is a mobile forensics capab...

Barak Obama Discusses Security Trade-Offs

Mon, 27 Oct 2008 03:31:12 +0000

I generally avoid commenting on election politics -- that's not what this blog is about -- but this comment by Barak Obama is worth discussing:

[Q] I have been collecting accounts of your meeting with David Petraeus in Baghdad. And you had [inaudible] after he had made a really strong pitch [inaudible] for maximum flexibility. A lot of politicians at that moment would have said [inaudible] but from what I hear, you pushed back.
[BO] I did. I remember the conversation, pretty precisely. He made the case for maximum flexibility and I said you know what if I were in your shoes I would be making the exact same argument because your job right now is to succeed in Iraq on as favorable terms as we can get. My job as a potential commander in chief is to view your counsel and your interests through the prism of our overall national security which includes what is happening in Afghanistan, which includes the costs to our image in the middle east, to the continued occupation, which includes the financial costs of our occupation, which includes what it is doing to our military. So I said look, I described in my mind at list an analogous situation where I am sure he has to deal with situations where the commanding officer in [inaudible] says I need more troops here now because I really think I can make progress doing x y and z. That commanding officer is doing his job in Ramadi, but Petraeus's job is to step back and see how does it impact Iraq as a whole. My argument was I have got to do the same thing here. And based on my strong assessment particularly having just come from Afghanistan were going to have to make a different decision. But the point is that hopefully I communicated to the press my complete respect and gratitude to him and Proder who was in the meeting for their outstanding work. Our differences don't necessarily derive from differences in sort of, or my differences with him don't derive from tactical objections to his approach. But rather from a strategic framework that is trying to take into account the challenges to our national security and the fact that we've got finite resources.

I have made this general point again and again -- about airline security, about terrorism, about a lot of things -- that the person in charge of the security system can't be the person who decides what resources to devote to that security system. The analogy I like to use is a company: the VP of marketing wants all the money for marketing, the VP of engineering wants all the money for engineering, and so on; and the CEO has to balance all of those needs and do what's right for the company. So of course the TSA wants to spend all this money on new airplane security systems; that's their job. Someone above the TSA has to balance the risks to airlines with the other risks our country faces and allocate budget accordingly. Security is a trade-off, and that trade-off has to be made by someone with responsibility over all aspects of that trade-off.

I don't think I've ever heard a politician make this point so explicitly.

MasterEncryptionKeys.XLS

Tue, 21 Oct 2008 11:54:43 +0000

My column from May on digital certificate management software mentioned Venafi, a company in that space. A Venafi blog yesterday (which quotes my column, so the cross-linking here is getting pretty aggressive) discusses a trip by Gregory Webb of Venafi to the Gartner Symposium/ITxpo. Webb asked around for what attendees used to manage certificates, and the answer was almost unanimous: a spreadsheet and some calendar reminders. You might say that it works, so who cares, but does it really work well? My impression is that it's not uncommon for these things to expire unnoticed. What happens if the employee who manages it leaves or (as one boss put it to me) "falls through a manhole"? You can bet something will go wrong.

DHS Secretary Chertoff discusses cyber security, highlights supply chain security

Sun, 19 Oct 2008 20:00:00 +0000

I had not seen the Secretary of Homeland Security, Michael Chertoff, speak on cyber security issues at a public forum since he keynoted the industry-wide RSA Conference in April 2008, so I decided to attend a forum at the U.S. Chamber of Commerce on Tuesday, October 15th where he was scheduled to keynote. Titled “Enhancing Cyber Security as Part of Enterprise Risk Management Planning” and held as part of a series of National Cyber Security Awareness Month events, Secretary Chertoff addressed the group of mostly business community attendees to highlight what he dubbed as “one of the most important initiatives that we have ever undertaken as a department or country”...

Links List 10.17.08

Fri, 17 Oct 2008 23:26:41 +0000

Novell announced this week its intent to purchase Managed Objects. We really didn’t see this coming. Novell? Can’t quite figure out the master plan here. I mean, they said they’d acquire PlateSpin back in February which made a lot of sense for bridging the gap of physical to virtual and building out a management portfolio beyond ZENworks Orchestrator. But Managed Objects? CMDBs? In this economy? We have to think back to the survey [link to survey post] we just did at Interop NY and the low scores – on importance and actual deployments – that CMDBs got. When it comes to tightening the belt, CMDBs kinda fell off the list. We’ll be looking forward to future announcements to see how this plays out.

Martin MC Brown at ComputerWorld has a great post on capacity planning and cloud computing. He discusses a new book “The Art of Capacity Planning”. The problem with the current model of data center management is that often a large number of machines may sit relatively idle while waiting for the traffic spike that causes them to be used. This is a problem because it’s simply a waste of time and resources on a whole number of levels. Enter the cloud – or at least the “hope of cloud computing”.

Numbers – what do they really mean? IDC released a statement with a whole bunch of them from their “Worldwide Quarterly Server Virtualization Tracker”. The most interesting stat: x86 Virtualization License Market Standings. VMware owns 44% of the market, but Microsoft, in its first quarter of general availability for Microsoft Hyper-V (plus Virtual Server 2005), has 23% of the market of new shipments.

Information Security Policy for Small Business

Thu, 16 Oct 2008 20:00:00 +0000

Bruce Waugh submits this paper which discusses the different types of policies and implementation of those policies for small businesses.

Q&A: Threats to the US critical communications infrastructure

Tue, 14 Oct 2008 12:41:00 +0000

Paul Parisi is the CTO of DNSstuff.com and has an extremely broad and deep technical background offering reality based solutions to everyday issues. In this interview he discusses the biggest threats ...

Windows Server 2008 SP2, Vista SP2 on the Way

Mon, 13 Oct 2008 02:59:08 +0000

Hat tip to Tweaking With Vishal for the reference to Neowin where franzon has found a KB article with very preliminary references to Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2. There isn't a lot of information in the KB article:

Beta Information
This article discusses a beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this beta product. For information about how to obtain support for a beta release, see the documentation that is included with the beta product files, or check the Web location where you downloaded the release.
INTRODUCTION

This Microsoft Knowledge Base article will be updated with more information about Windows Server 2008 Service Pack 2 (SP2) and Windows Vista Service Pack 2 (SP2) when the information becomes available. Currently, the product release notes and related information about Windows Server 2008 SP2 and Windows Vista SP2 are not available.

But it does indicate, in case there was any question, that these two service packs are being worked on.