Often, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system on Common Criteria EAL 4+ – the highest level, which seems achievable for multi-purpose . . . → Read More: Is there a future for Product Certifications?
|
||||||
Will the user define security policies in the future?I think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define a set of hardware anymore but that the user will buy their own and use it for business. Additionally, different people have different ... 
Get off XP or Risk your Business?One of the highest hit rates I ever had on my blog was one I wrote right before Conficker broke out. I called it Playing Russian Roulette with your Network. The background was, that we released an out of band security update and our customers came back and asked us, whether they really shall deploy it – this situation then led to Conficker. About 12 months from today, Windows XP will ... 
Security in 2013 – the way forward?Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune tellerJ. But there are things we know and things we definitely need to drive this year. I would actually put it into the context of typical hygiene of any IT environment. Let's try to understand, where we stand ... 
The Directory in the Cloud?It seems that it is an eternity ago – and it is. Pretty much three years ago, Doug Cavit and me published a paper called the Cloud Computing Security Considerations. Even though it is three years, the paper is still worth reading as the content still applies. What we basically said was, that if you look at the Cloud, there are five areas of Considerations: Compliance and Risk Management: Organizations shifting ... 
I think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define a set of hardware anymore but that the . . . → Read More: Will the user define security policies in the future? Most companies have a lot of security policies to protect their assets and then there is the best of breed security technology added for each technical problem to solve. That way we can ensure that we did everything we could to protect the business – right? Well I do not completely think. I read this . . . → Read More: How much security do you need? Depending on where I travel and with which customers I talk, patch management is still the number 1 issue coming up. Not only is the challenge to deploy the updates – much worse, there is still an awareness issue in a lot of markets. People know that they should patch but too often do not . . . → Read More: The Challenge of Patch Management Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune tellerJ. But there are things we know and things we definitely need to drive this year. I would actually put it into . . . → Read More: Security in 2013 – the way forward? In the recent months, we have seen more and more targeted attacks towards our customers. A lot of them use a technique called Pass the Hash. This made us publishing a paper, which explains Pass the Hash but much more important shows some fairly simple to implement mitigations against this type of attack. As they . . . → Read More: Mitigating Pass the Hash Attacks Exactly the right article for a weekend: May the (En)Force(ment) Be With You – Security Lessons from Star Wars From applying security policies to DLP and effective user authentication, there are many infosecurity lessons to be learned from the classic space opera. Terry Greer-King of Check Point shows how companies can avoid the Empire’s mistakes . . . → Read More: Security Lessons from Star Wars Yesterday I blogged about the Security Advisory – Update For Minimum Certificate Key Length. I would like to take the opportunity to give some more information on it. The reaction on the advisory is interesting so far. Some customers expect mainly older applications to run into a problem. Others tell us that they mandated . . . → Read More: UPDATE: Security Advisory – Update For Minimum Certificate Key Length As you know, I rarely blog about Security Advisories or updates but this time, I want to make sure that you saw that: We released the Microsoft Security Advisory (2661254) – Update For Minimum Certificate Key Length to make you aware of the fact that we will restrict usage of all certificates with RSA keys . . . → Read More: Security Advisory – Update For Minimum Certificate Key Length What about using Bitlocker???? Laptop lost with data for more than 2,000 patients, Boston Children’s reports One such incident probably pays your Windows 7 migration project – no? Roger |
|
|||||
|
Copyright © 2013 Roger Halbheer on Security - All Rights Reserved Powered by WordPress & Atahualpa |
||||||
