http://communities.intel.com/blogs A syndication feed of all the blogs on this system Wed, 25 Nov 2009 18:36:30 GMT Clearspace 2.5.9 (http://jivesoftware.com/products/clearspace/) 2009-11-25T18:36:30Z http://communities.intel.com/community/openportit/it/blog/2009/11/25/who-should-start-the-data-security-revolution After posting the video and opinion paper It is Time for a Data Security Revolution! a reader posed a simple yet deep question.  GroogFish, in the YouTube video comments asked ...who is supposed to start this "revolution"?  As my response is a bit roi value information_security model risk matthew_rosenquist it security rosi optimal_security matthew rosenquist intel it@intel Wed, 25 Nov 2009 18:36:30 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/11/25/who-should-start-the-data-security-revolution 2009-11-25T18:36:30Z http://communities.intel.com/community/openportit/it/blog/comment/who-should-start-the-data-security-revolution http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12893 http://communities.intel.com/community/openportit/it/blog/2009/11/13/taking-back-the-security-initiative Threat agents maintain the initiative and we respond to restore balance. The bad guys innovate, find exposures, and use technology which they can leverage to achieve their objectives.  They take the first step, set the tempo, and lead this wicked threat security roi value rosi information_security intel_it strategy optimal matthew_rosenquist matthew rosenquist it optimal_security model risk it@intel Fri, 13 Nov 2009 19:07:11 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/11/13/taking-back-the-security-initiative 2009-11-13T19:07:11Z http://communities.intel.com/community/openportit/it/blog/comment/taking-back-the-security-initiative http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12842 http://communities.intel.com/community/openportit/it/blog/2009/10/22/how-to-value-digital-assets Russell C Thomas delivers a great post on How to Value Digital Assets .  It covers many basics and more importantly gives a good direction to take while spotlighting common pitfalls in the valuation journey. “This tutorial article presents one method security roi rosi information_security optimal_security model matthew rosenquist asset value risk matthew_rosenquist intel it it@intel Thu, 22 Oct 2009 18:48:22 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/10/22/how-to-value-digital-assets 2009-10-22T18:48:22Z http://communities.intel.com/community/openportit/it/blog/comment/how-to-value-digital-assets http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12736 http://communities.intel.com/community/openportit/it/blog/2009/10/20/are-billion-year-passwords-weak No.  Just the people who use them. Passwords of reasonable strength (8 characters or more consisting of upper/lower case and special keys) coupled with timely expiration, are secure.  Passphrases with comparable measures are equally secure.  The systems value information_security rosenquist it@intel password optimal_security model risk matthew intel it threat vulnerability security matthew_rosenquist Tue, 20 Oct 2009 22:35:58 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/10/20/are-billion-year-passwords-weak 2009-10-20T22:35:58Z http://communities.intel.com/community/openportit/it/blog/comment/are-billion-year-passwords-weak http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12722 http://communities.intel.com/community/openportit/it/blog/2009/10/20/is-data-security-really-that-bad With a painful taste of irony, it was recently reported that the Ministry of Defense's (MoD) manual explaining how to prevent leaks, was itself leaked.  Source: The telegraph.co.uk   "The Defense Manual of Security is intended to help MoD, armed value information_security risk it@intel information roi rosi intel security model matthew rosenquist it data optimal_security matthew_rosenquist Tue, 20 Oct 2009 19:54:48 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/10/20/is-data-security-really-that-bad 2009-10-20T19:54:48Z http://communities.intel.com/community/openportit/it/blog/comment/is-data-security-really-that-bad http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12720 http://communities.intel.com/community/openportit/it/blog/2009/10/19/it-is-time-for-a-data-security-revolution It is Time for a Data Security Revolution! Information technology has lagged behind society’s skyrocketing need to manage and secure data.   Information is growing exponentially and our demands for control and oversight continue to develop rapidly.   rosenquist it matthew_rosenquist data information security value information_security optimal_security model risk matthew it@intel intel_it threat strategy Fri, 16 Oct 2009 21:51:10 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/10/19/it-is-time-for-a-data-security-revolution 2009-10-16T21:51:10Z http://communities.intel.com/community/openportit/it/blog/comment/it-is-time-for-a-data-security-revolution http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12707 http://communities.intel.com/community/openportit/it/blog/2009/09/17/fortune-cookie-security-advice--confusing-security-measures-and-metrics--sept-2009 Measures generate data and metrics organize data to generate information.  The difference between ‘data’ and ‘information’, the former is something you know, the latter is something you use.   Everyone wants information security to be easy.  concern analysis value optimal rosenquist threat security matthew_rosenquist information fear corporate_security metric measure model matthew risk Thu, 17 Sep 2009 16:32:57 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/09/17/fortune-cookie-security-advice--confusing-security-measures-and-metrics--sept-2009 2009-09-17T16:32:57Z http://communities.intel.com/community/openportit/it/blog/comment/fortune-cookie-security-advice--confusing-security-measures-and-metrics--sept-2009 http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12568 http://communities.intel.com/community/openportit/it/blog/2009/09/10/can-low-tech-it-solutions-be-secure Thinking creatively, a South African IT company decided to use a low technology solution to complete a data transfer when their ISP network could not handle the job.  Typically, quick out-of-the-box IT solutions are rarely secure.  Smart technologists model threat security value information_security optimal_security risk matthew_rosenquist matthew rosenquist Thu, 10 Sep 2009 18:01:50 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/09/10/can-low-tech-it-solutions-be-secure 2009-09-10T18:01:50Z http://communities.intel.com/community/openportit/it/blog/comment/can-low-tech-it-solutions-be-secure http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12535 http://communities.intel.com/community/openportit/it/blog/2009/08/10/practical-information-security-strategy-for-secure-communication--video Employees need the ability to communicate securely.  Deploying the right capabilities can empower employees to keep the organization’s information more secure.  Matthew Rosenquist discusses a strategy to establish secure communication channels.   model risk matthew_rosenquist matthew rosenquist security information_security optimal_security strategy information communication threat agent attack value channel Mon, 10 Aug 2009 22:22:30 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/08/10/practical-information-security-strategy-for-secure-communication--video 2009-08-10T22:22:30Z http://communities.intel.com/community/openportit/it/blog/comment/practical-information-security-strategy-for-secure-communication--video http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12432 http://communities.intel.com/community/openportit/it/blog/2009/08/04/strategy-to-defeat-phishing-attacks--video Phishing is pervasive, evolving, and a serious threat to everyone.  Matthew Rosenquist discusses strategies to defeat phishing attacks.     Video 5:14 minutes rosenquist strategy security information phishing spear whaling threat agent attack value information_security optimal_security model risk matthew_rosenquist matthew Tue, 04 Aug 2009 16:56:23 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/08/04/strategy-to-defeat-phishing-attacks--video 2009-08-04T16:56:23Z http://communities.intel.com/community/openportit/it/blog/comment/strategy-to-defeat-phishing-attacks--video http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12414 http://communities.intel.com/community/openportit/it/blog/2009/07/31/fortune-cookie-security-advice--no-royal-road-to-security--july-2009 There is no Royal Road to understanding and achieving information security   Everyone wants information security to be easy.  Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie?  Well, although I don’t try to promote value concern matthew corporate_security analysis security information optimal model matthew_rosenquist rosenquist threat risk fear measure Fri, 31 Jul 2009 18:21:27 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/07/31/fortune-cookie-security-advice--no-royal-road-to-security--july-2009 2009-07-31T18:21:27Z http://communities.intel.com/community/openportit/it/blog/comment/fortune-cookie-security-advice--no-royal-road-to-security--july-2009 http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12405 http://communities.intel.com/community/openportit/it/blog/2009/07/31/the-greed-principle--video Greed drives behaviors of cyber attackers.  Matthew Rosenquist discusses the pain and benefits of the Greed Principle.         Video 3:29 minutes   Purpose of Security Programs information_security model security information greed threat agent attack value optimal_security risk matthew_rosenquist matthew rosenquist Fri, 31 Jul 2009 16:37:50 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/07/31/the-greed-principle--video 2009-07-31T16:37:50Z http://communities.intel.com/community/openportit/it/blog/comment/the-greed-principle--video http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12399 http://communities.intel.com/community/openportit/it/blog/2009/07/09/the-sad-story-of-information-security-risk-metrics Risk metrics are the heart and soul of information security indicators.  An increasing proliferation of tools and assessments has emerged, attempting to quantify states of information security.  Given the nature of what is trying to be measured, this is openportpromo rosi roi value information_security threat measure security optimal_security model risk matthew_rosenquist matthew rosenquist metric Thu, 09 Jul 2009 17:09:21 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/07/09/the-sad-story-of-information-security-risk-metrics 2009-07-09T17:09:21Z http://communities.intel.com/community/openportit/it/blog/comment/the-sad-story-of-information-security-risk-metrics http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12333 http://communities.intel.com/community/openportit/it/blog/2009/07/07/explaining-the-value-of-security-spending--video Measuring the Return on Investment (ROI) of information security is challenging but not impossible.  It is important to understand the necessary components and how they interrelate.  In this brief video, I discuss one way of expressing value in relation optimal_security roi matthew_rosenquist rosenquist openportpromo risk security value rosi information_security model Tue, 07 Jul 2009 17:30:27 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/07/07/explaining-the-value-of-security-spending--video 2009-07-07T17:30:27Z http://communities.intel.com/community/openportit/it/blog/comment/explaining-the-value-of-security-spending--video http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12326 http://communities.intel.com/community/openportit/it/blog/2009/06/23/can-optimal-and-flexible-security-be-mandated I was recently trading thoughts with Anton Chuvakin, a respected security metrics professional, in a philosophical discussion of perfection and quality of security.  Admittedly, I was on auto-pilot (operating without the benefit of coffee) rattling away model risk matthew_rosenquist openportpromo strategy optimal roi rosi information_security matthew security value optimal_security rosenquist Tue, 23 Jun 2009 17:03:35 GMT MatthewRosenquist http://communities.intel.com/community/openportit/it/blog/2009/06/23/can-optimal-and-flexible-security-be-mandated 2009-06-23T17:03:35Z http://communities.intel.com/community/openportit/it/blog/comment/can-optimal-and-flexible-security-be-mandated http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12287