Roger Halbheer on Security
I read this article (Surviving an Insecure Cyber Workforce) this morning about “the user” (and was once more disappointed – initially. They talk about the importance of awareness, the technology to make sure that the user does not access anything outside their business needs and only well audited etc. and at the very, very end…
DetailsNo, they are still not coming from me but this article is actually really interesting: Top 15 security predictions for 2016. A few of them are remarkable: At your criminal service (Kaspersky/Seculert) The profitability of cyber-attacks means sophisticated criminal gangs with modern organizational models and tools will replace common cyber criminals as the primary threat.…
DetailsA lot of articles are looking into the Morgan Stanley breach case, which is definitely an interesting story all by itself. An employee illegally accesses information and stores it on his home server. Obviously not a very smart thing to do but initially it rested there. It would be interesting to understand what he planned to…
DetailsThis time of the year typically two things happen: I am asked several times to either have a presentation or write an article about “Security in 2016”. The second thing is that everybody who writes a blog or otherwise thinks that they have to say something look into the crystal ball and writes an article…
DetailsI am really worried. Always after major incidents like serious crimes or terror attacks like in Paris, politicians start to push for the spotlight. They want to show that they are here for the citizens and here to protect them. This is definitely not bad at all but when it comes to high-tech discussions –…
DetailsThis is actually an interesting discussion: Critical Infrastructure: Better Cybersecurity Metrics Needed. From a high level view there is nothing you can object here. Definitely we need better metrics and definitely it would help us to understand the maturity of security in any given company – not just the critical infrastructure. But wait, I think…
DetailsI just got informed today, that I have been elected as a full member of the Swiss Academy of Engineering Sciences. The vision of the SATW is: SATW is recognized as the principal organisation for the communication of independent, objective and comprehensive information about technology – as a basis for the forming of well-founded opinions…
DetailsQuite a while ago, I provocatively asked the question, whether Anti-Malware Technology is dead. Back then it caused quite some reaction. Honestly, I still see little value to be added by classical anti-malware products if we would finally be willing, able and ready to use the technology, which is built in today’s operating system. Unfortunately,…
DetailsOn the one side: Unfortunately, my garden leave is over – on the other side, cool to start working again. My first days at Accenture are over now and I have to say: Quite an experience. I met a million people (at least it felt that way and this is what always happens, when you…
DetailsThis seems to be hot at the moment. In Thoughts on Responsible Disclosure and Wasenaar I gave some ideas, what I would expect from a vendor in how they will handle security vulnerabilities in their products. Now, I read HackerOne launches free Vulnerability Coordination Maturity Model tool which is very interesting from my point of…
DetailsBack when I was working at Microsoft I was joking that the company was been run on Mail and Spreadsheets. I guess I was not THAT wrong and I guess a lot of companies are the same. Key data still resides in any kind of SAP (or the like) installation and then the data is…
DetailsIf you are in the process of setting up an Incident Response Team (or you just want to check back), there is a good article to check your status: Checklist for Incident Response Teams Roger Related articles After Ola, Uber Too Brings Disguised Phone Numbers For Passenger Privacy! (trak.in) Attackers forgo malware (linuxsecurity.com) App. State…
DetailsWhen we are looking at solutions like SIEMs (Security information and event management), they are following a promising approach: You are collecting events from different systems and are trying to correlate the events to figure out what is happening and to find anomalies. Actually a good idea. There are a few “howevers”, however. It definitely…
DetailsCurrently, I am running two WordPress sites. One is my blog and the other one is the website of our bicycle/mountain bike club (www.vcvolketswil.ch). Securing them is part of the story for somebody like me, I guess. Normally you keep them just updated. Part of my responsibility is WordPress, all the plugins and the Themes.…
DetailsIt is not my first post (Crypto and Quantum Computing) and I am sure it will not be my last. I am deeply convinced that quantum computing will create a nightmare some when in the industry. It does actually not need thousands of computers – it just needs one and cryptography the way we know…
DetailsYou might know that I am a big fan of threat modelling. I think that this is a really good way to structure your thoughts around the way an attacker might think. Therefore, the tooling around threat modelling can be important as well. Microsoft offers free help with the Microsoft’s Threat Modelling Tool and published…
DetailsYou might have seen that I changed the design of my blog – I did this each time I changed job. So it is time to do it again….
If you see anything which does not work, please let me know: webmaster@halbheer.ch
Thank you
Roger
When you do risk management, one of the key questions is always, how a possible incident impacts the trust and then the customer base. Do you really lose customers when incidents happen? Well, the VW group learns this the hard way currently but how does online trust really impact the business? Ponemon published an interesting…
DetailsI had to smile, when I read that: My Government Doesn’t Understand How Encryption and Cyber Security Work. I hate to say it but “I told you so” (Thoughts on Responsible Disclosure and Wasenaar) – but why shall they. Government elites and politicians are typically lawyers or have a degree in business administration. And then…
DetailsOutsourcing IT Security : A Recipe for Success or Disaster?
Good question but looking at the resources companies can (and want to) invest in security, most probably a recipe for success
