Better Metrics Needed to Assess Security of Critical Infrastructure?

This is actually an interesting discussion: “Critical Infrastructure: Better Cybersecurity Metrics Needed”. From a high-level view, there is nothing you can object to here. We definitely need better metrics, and they would definitely help us understand the maturity of security in any given company – not just in critical infrastructure. But wait, I think…

Security Information and Event Management – Really the Way Forward?

Solutions like SIEMs (security information and event management) follow a promising approach: you collect events from different systems and try to correlate them to figure out what is happening and to find anomalies. Actually a good idea. There are a few “howevers”, however. It definitely…

Is “Encrypt Everything” Really the Only Solution?

When I look at the recent events and data exfiltration cases, it really looks like we are at the losing end of a battle. It seems to be fairly simple to compromise a network and exfiltrate data nowadays. Now you may claim that you deployed all kinds of cool technology like hardened clients, data loss…

Security in Code – Learnings from Ashley Madison

It seems that the whole Ashley Madison case is used in a lot of areas as a learning exercise. We all were surprised (at least I hope) that people were stupid enough to use their business mail addresses to register – well, you cannot use your private one, can you? We – once again –…
