http://communities.intel.com/community/openportit/it/blog IT@Intel Thu, 22 Oct 2009 18:48:22 GMT Clearspace 2.5.9 (http://jivesoftware.com/products/clearspace/) 2009-10-22T18:48:22Z http://communities.intel.com/community/openportit/it/blog/2009/10/22/how-to-value-digital-assets Russell C Thomas delivers a great post on How to Value Digital Assets .  It covers many basics and more importantly gives a good direction to take while spotlighting common pitfalls in the valuation journey. “This tutorial article presents one method security roi rosi information_security optimal_security model matthew rosenquist asset value risk matthew_rosenquist intel it it@intel Thu, 22 Oct 2009 19:05:38 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/10/22/how-to-value-digital-assets 2009-10-22T19:05:38Z 2 weeks, 4 days ago 2 http://communities.intel.com/community/openportit/it/blog/comment/how-to-value-digital-assets http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12736 http://communities.intel.com/community/openportit/it/blog/2009/10/20/are-billion-year-passwords-weak No.  Just the people who use them. Passwords of reasonable strength (8 characters or more consisting of upper/lower case and special keys) coupled with timely expiration, are secure.  Passphrases with comparable measures are equally secure.  The systems value information_security rosenquist it@intel password optimal_security model risk matthew intel it threat vulnerability security matthew_rosenquist Tue, 20 Oct 2009 22:45:20 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/10/20/are-billion-year-passwords-weak 2009-10-20T22:45:20Z 2 weeks, 6 days ago http://communities.intel.com/community/openportit/it/blog/comment/are-billion-year-passwords-weak http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12722 http://communities.intel.com/community/openportit/it/blog/2009/10/20/is-data-security-really-that-bad With a painful taste of irony, it was recently reported that the Ministry of Defense's (MoD) manual explaining how to prevent leaks, was itself leaked.  Source: The telegraph.co.uk   "The Defense Manual of Security is intended to help MoD, armed value information_security risk it@intel information roi rosi intel security model matthew rosenquist it data optimal_security matthew_rosenquist Tue, 20 Oct 2009 20:33:55 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/10/20/is-data-security-really-that-bad 2009-10-20T20:33:55Z 2 weeks, 6 days ago http://communities.intel.com/community/openportit/it/blog/comment/is-data-security-really-that-bad http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12720 http://communities.intel.com/community/openportit/it/blog/2009/09/10/can-low-tech-it-solutions-be-secure Thinking creatively, a South African IT company decided to use a low technology solution to complete a data transfer when their ISP network could not handle the job.  Typically, quick out-of-the-box IT solutions are rarely secure.  Smart technologists model threat security value information_security optimal_security risk matthew_rosenquist matthew rosenquist Thu, 10 Sep 2009 18:13:07 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/09/10/can-low-tech-it-solutions-be-secure 2009-09-10T18:13:07Z 2 months, 4 hours ago 1 http://communities.intel.com/community/openportit/it/blog/comment/can-low-tech-it-solutions-be-secure http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12535 http://communities.intel.com/community/openportit/it/blog/2009/08/10/practical-information-security-strategy-for-secure-communication--video Employees need the ability to communicate securely.  Deploying the right capabilities can empower employees to keep the organization’s information more secure.  Matthew Rosenquist discusses a strategy to establish secure communication channels.   model risk matthew_rosenquist matthew rosenquist security information_security optimal_security strategy information communication threat agent attack value channel Mon, 10 Aug 2009 22:26:28 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/08/10/practical-information-security-strategy-for-secure-communication--video 2009-08-10T22:26:28Z 3 months, 1 day ago http://communities.intel.com/community/openportit/it/blog/comment/practical-information-security-strategy-for-secure-communication--video http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12432 http://communities.intel.com/community/openportit/it/blog/2009/08/04/strategy-to-defeat-phishing-attacks--video Phishing is pervasive, evolving, and a serious threat to everyone.  Matthew Rosenquist discusses strategies to defeat phishing attacks.     Video 5:14 minutes rosenquist strategy security information phishing spear whaling threat agent attack value information_security optimal_security model risk matthew_rosenquist matthew Tue, 04 Aug 2009 16:58:55 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/08/04/strategy-to-defeat-phishing-attacks--video 2009-08-04T16:58:55Z 3 months, 1 week ago 1 http://communities.intel.com/community/openportit/it/blog/comment/strategy-to-defeat-phishing-attacks--video http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12414 http://communities.intel.com/community/openportit/it/blog/2009/07/31/the-greed-principle--video Greed drives behaviors of cyber attackers.  Matthew Rosenquist discusses the pain and benefits of the Greed Principle.         Video 3:29 minutes   Purpose of Security Programs information_security model security information greed threat agent attack value optimal_security risk matthew_rosenquist matthew rosenquist Fri, 31 Jul 2009 17:10:01 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/07/31/the-greed-principle--video 2009-07-31T17:10:01Z 3 months, 1 week ago http://communities.intel.com/community/openportit/it/blog/comment/the-greed-principle--video http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12399 http://communities.intel.com/community/openportit/it/blog/2009/07/09/the-sad-story-of-information-security-risk-metrics Risk metrics are the heart and soul of information security indicators.  An increasing proliferation of tools and assessments has emerged, attempting to quantify states of information security.  Given the nature of what is trying to be measured, this is openportpromo rosi roi value information_security threat measure security optimal_security model risk matthew_rosenquist matthew rosenquist metric Thu, 09 Jul 2009 17:27:47 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/07/09/the-sad-story-of-information-security-risk-metrics 2009-07-09T17:27:47Z 4 months, 3 days ago 1 http://communities.intel.com/community/openportit/it/blog/comment/the-sad-story-of-information-security-risk-metrics http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12333 http://communities.intel.com/community/openportit/it/blog/2009/07/07/explaining-the-value-of-security-spending--video Measuring the Return on Investment (ROI) of information security is challenging but not impossible.  It is important to understand the necessary components and how they interrelate.  In this brief video, I discuss one way of expressing value in relation optimal_security roi matthew_rosenquist rosenquist openportpromo risk security value rosi information_security model Tue, 07 Jul 2009 17:42:45 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/07/07/explaining-the-value-of-security-spending--video 2009-07-07T17:42:45Z 4 months, 5 days ago http://communities.intel.com/community/openportit/it/blog/comment/explaining-the-value-of-security-spending--video http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12326 http://communities.intel.com/community/openportit/it/blog/2009/06/23/can-optimal-and-flexible-security-be-mandated I was recently trading thoughts with Anton Chuvakin, a respected security metrics professional, in a philosophical discussion of perfection and quality of security.  Admittedly, I was on auto-pilot (operating without the benefit of coffee) rattling away model risk matthew_rosenquist openportpromo strategy optimal roi rosi information_security matthew security value optimal_security rosenquist Tue, 23 Jun 2009 17:51:04 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/06/23/can-optimal-and-flexible-security-be-mandated 2009-06-23T17:51:04Z 4 months, 2 weeks ago 1 http://communities.intel.com/community/openportit/it/blog/comment/can-optimal-and-flexible-security-be-mandated http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12287 http://communities.intel.com/community/openportit/it/blog/2009/06/16/fortune-cookie-security-advice-strategic-competitive-secure--june-2009 Think strategic.  Act competitive.  Be secure.   Everyone wants information security to be easy.  Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie?  Well, although I don’t try to promote such foolish nonsense, I do security it@intel analysis secure matthew_rosenquist information_security openportpromo model threat optimal_security it value rosenquist strategy measure corporate_security intel_it risk Tue, 16 Jun 2009 21:12:49 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/06/16/fortune-cookie-security-advice-strategic-competitive-secure--june-2009 2009-06-16T21:12:49Z 4 months, 3 weeks ago http://communities.intel.com/community/openportit/it/blog/comment/fortune-cookie-security-advice-strategic-competitive-secure--june-2009 http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12277 http://communities.intel.com/community/openportit/it/blog/2009/06/12/strategy-for-sustaining-optimal-security Optimal security must not only be attained, but also sustained over time.  A good security strategy must be forward thinking to understand how intervention and continual maintenance will be needed, then implement those capabilities as part of a complete openportpromo it it@intel strategy model rosi matthew_rosenquist information_security corporate_security intel_it optimal_security roi security value risk rosenquist Fri, 12 Jun 2009 22:14:16 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/06/12/strategy-for-sustaining-optimal-security 2009-06-12T22:14:16Z 5 months, 1 hour ago http://communities.intel.com/community/openportit/it/blog/comment/strategy-for-sustaining-optimal-security http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12269 http://communities.intel.com/community/openportit/it/blog/2009/05/26/fortune-cookie-security-advice--may-2009 Everyone wants information security to be easy.  Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie?  Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to fear corporate_security information_security measure optimal_security matthew_rosenquist openportpromo risk model analysis threat it value concern it@intel rosenquist intel_it security Tue, 26 May 2009 18:00:19 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/05/26/fortune-cookie-security-advice--may-2009 2009-05-26T18:00:19Z 5 months, 2 weeks ago http://communities.intel.com/community/openportit/it/blog/comment/fortune-cookie-security-advice--may-2009 http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12198 http://communities.intel.com/community/openportit/it/blog/2009/05/12/traps-of-measuring-security-risks We naturally take comfort in being able to quantify the vagueness of challenges in our existence.  This past week, I was again reminded the cup of information security is filled partially with the complexities of human perception and ambiguity of it@intel vulnerability risk threat information_security model matthew_rosenquist security rosenquist optimal_security analysis measurement measure openportpromo it intel_it Tue, 12 May 2009 20:29:15 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/05/12/traps-of-measuring-security-risks 2009-05-12T20:29:15Z 6 months, 1 day ago http://communities.intel.com/community/openportit/it/blog/comment/traps-of-measuring-security-risks http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12155 http://communities.intel.com/community/openportit/it/blog/2009/05/12/fortune-cookie-security-advice--april-2009 Everyone wants information security to be easy.  Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie?  Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to it@intel model intel_it information_security openportpromo it security rosenquist strategy corporate_security threat attack attacker matthew_rosenquist risk optimal_security Tue, 12 May 2009 17:59:35 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/05/12/fortune-cookie-security-advice--april-2009 2009-05-12T17:59:35Z 6 months, 1 day ago http://communities.intel.com/community/openportit/it/blog/comment/fortune-cookie-security-advice--april-2009 http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12154