One of the challenges customers always have is how to select the right cloud partner, and fairly often security drives this selection. The Cloud Security Alliance published the Cloud Controls Matrix quite a while ago and, in addition, a Consensus Assessments Initiative Questionnaire, and a lot of requests for information/proposal are based on this material.
. . . → Read More: Selecting the right Cloud partner
It is time again! The Council of Europe Octopus Conference on Cooperation against Cybercrime is taking place this week. This year it is even the 10th anniversary of the Budapest Convention. Therefore a broad country of legal, law enforcement and private sector organizations are discussing the current state and the future of the collaboration to . . . → Read More: Cooperation against Cybercrime- Octopus Conference
This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections:
Governments
Legislative Bodies
The Armed Forces
Law Enforcement
Judges
. . . → Read More: Cyber Security: The Road Ahead
I will be at the ISF Congress in Monte Carlo from tomorrow on. If you are there as well and want to meet, drop me a mail.
It is actually the first event in a long time where I am just going to participate, not hold any speeches.
. . . → Read More: ISF Congress in Monte Carlo–let’s meet
There was a press conference yesterday to launch the “Real Man” campaign to raise awareness about the problem of child sex slavery. You should listen to the press conference – if you can cope with it… . . . → Read More: Real Men Don’t Buy Girls
I think I told the story thousands of times and everybody knows it, but I will do it the 1001st time now. When I joined Microsoft and became what is the Chief Security Advisor for Switzerland today, we had an airlift for Windows Server 2003. The Product Manager in Switzerland asked me to keynote . . . → Read More: The Importance of Application Security
This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously. It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products. So, I read through it and to me it . . . → Read More: We Need Solid and Strong Transparent Processes for the Cloud
I recently came across a paper called Shadows in the Cloud, which is actually a follow-up report of Tracking GhostNet: Investigating a Cyber Espionage Network, an investigation of the attacks on the office of the Dalai Lama and some governmental bodies. The report is written by two bodies who had the privilege to investigate those . . . → Read More: A Detailed Analysis of an Attack – Do We Need an International Incident Sharing Database?
I just worked my way through the list SANS published. Looking at the list it is not surprising but scary to see which errors made it to the top of the list:
Cross-site Scripting
SQL Injection
Classic Buffer Overflow
Cross-Site Request Forgery
Improper Access Control
It shows, as we often say, that the attacks moved . . . → Read More: SANS Top 25 Most Dangerous Programming Errors – the same as very often…
SAFECode just released a new paper called Fundamental Practices for Secure Software Development. This is a collaboration of different people from different companies (SAP, EMC, Symantec, Juniper, Nokia and Microsoft).
As you probably know, SAFECode is a forum to share good practices around development of secure software. It is about learning from each other . . . → Read More: SAFECode released “Fundamental Practices for Secure Software Development”