Home > Intel Communities > Open Port IT Community > IT@Intel > Blog > Tags > model
Up to Blog Posts in IT@Intel
1 2 3 4 Previous Next

IT@Intel Blog

59 Posts tagged with the model tag
Matthew Rosenquist
0

Everyone wants information security to be easy. Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

Common Sense

I think the key to fortune cookie advice is ‘common sense’ in the context of security. It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

Fortune Cookie advice for December:

Be mindful of the security message you deliver to your customers and how it is interpreted

Rallying your populace to be security savvy is a worthwhile investment and must be approached with the appropriate diligence. It is not enough to haphazardly deliver security information and walk away. If it is perceived as ‘junk-mail’, it will be treated as such. Information security must be understood and applied in order to make a difference. This embrace will only occur if the audience understands not only the message, but also why it is important and the overall context. Every good communication program draws in the audience by letting them know how it applies and benefits them.

If we want to be successful, we have an obligation to understand what is being absorbed and how it is being interpreted.

Andy, ITGuy has a great post (check out the picture for a good laugh).

“How we communicate our security plans has to be in a way that the user will understand and that will make them want to work with us”.  This is key, as ultimately it is a partnership between dedicated security folks and the organization they protect.

Additionally, Mike Rothman has some great follow-up comments which I think nails the right perspective:

“effective communication is based upon the perception of the person on the other end”. Sounds basic, but how often do we ignore this fundamental principle in our rush to deliver our message?

If you are interested in good security insights, consider subscribing to Andy,ITGuy and Mike Rothman’s blogs. They mix perspective, humor, to timely issues.

So am I contributing to the problem of over simplifying security? Or am I reaching out to those who might not take an inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide and feel free to share your knowledge-nuggets.

Fortune Cookie Security Advice - November 2008

Fortune Cookie Security Advice - September 2008

Fortune Cookie Security Advice - August 2008

Fortune Cookie Security Advice - June 2008

Fortune Cookie Security Advice - May 2008

0 Comments Permalink Tags: model, matthew_rosenquist, rosenquist, defense_in_depth, information_security, optimal_security, security_training, communication, corporate_security, security, value
Matthew Rosenquist
0

Most security programs show value by either reducing the number of incident occurrences or reducing the impact of those incidents.Understanding where a program draws its value and how it fits in a defense-in-depth strategy, gives insights to where it can be maximized for optimal benefit and raise flags when expectations are mismatched with function.

 

Occurrence and Impact

Simply put, security incidents happen and they cause discomfort. Effective programs will either affect the number of times they occur and/or will lessen the negative impact. These aspects of Occurrence and Impact are important when we look at the complexities of measuring security value in the real world. It is a basic first step, but this type of framing establishes boundaries and clarifies expectations.

 

Once understood, it may be possible to measure the effectiveness to a level which determines general value and applicability. It can paint an important piece of the picture showing how the collection of security programs provides coverage to the landscape of attacks. Additionally, the big picture can identify inefficient duplications of security services.

 

Do all security programs manifest value in this way? No. Some efforts are tailored to meet regulatory, ethical, or emotional needs. For those types of initiatives, this general framework has limited applicability to measure value.

 

Intersection of Defense-in-Depth

The diagram below is an overlay of the Occurrence/Impact domains with the Defense-in-Depth categories as they intersect a typical attack lifecycle.Mapping security capabilities, tools, and services will show coverage and gaps for different types of attacks.

 

How Security Programs Reduce Losses from Cyber Attacks1.jpg

 

Defense in Depth Information Security Strategy

Information Security Defense In Depth Whitepaper is Now Available

0 Comments Permalink Tags: security, roi, value, rosi, information_security, defense_in_depth, optimal_security, model, risk, matthew_rosenquist, rosenquist
Matthew Rosenquist
0

Everyone wants information security to be easy. Wouldn't it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don't try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

 

Common Sense

I think the key to fortune cookie advice is ‘common sense' in the context of security. It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

 

Here is my Fortune Cookie advice for November:

 

When it comes to employees and how securely they use their system, "trust, but verify".

 

We give them tools, harden their software, teach them good security practices, and reward them for safe behaviors. But end users may still cause great harm to their computers and more severely, the organizations data, systems, and operations. Trust must exist, but every security pro worth his salt, is paranoid with good reason.

 

It is not practical to wall out our own users. Some level of trust must exist. I believe the right balance for most organizations which maintain mature foundational controls, is to “trust, but verify”.

 

Made famous by former US President, Ronald Reagan, this quote was applied to situations where another party possesses the capability to do harm but agrees to refrain, for the greater good. Trust they will act appropriately, but maintain diligence to validate.

 

In the information security world, we too can strike the balance of security and functionality by allowing end users access to do their work effectively, while maintaining verification controls to insure they are not causing themselves or others unacceptable harm. This is no substitute to good training, security awareness, security tools, etc. as part of preventing undesirable events. But detection capabilities are a key element to a good defense in depth security program, which can allow more of a tradeoff between risk and productivity.

 

 

 

 

 

So am I contributing to the problem of over simplifying security? Or am I reaching out to those who might not take an inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide and feel free to share your knowledge-nuggets.

 

 

 

Information Security Defense In Depth Whitepaper is Now Available

 

 

Fortune Cookie Security Advice - September 2008

 

 

Fortune Cookie Security Advice - August 2008

 

 

Fortune Cookie Security Advice - June 2008

 

 

Fortune Cookie Security Advice - May 2008

 

 

Deconstructing Cyber Security Attacks - Threat Model

 

 

Defense in Depth Information Security Strategy

0 Comments Permalink Tags: security, roi, value, rosi, information_security, optimal_security, model, risk, matthew_rosenquist, rosenquist, policy, defense_in_depth, threat
Matthew Rosenquist
0

Intel developed a defense-in-depth strategy to optimize information security using interlocking prediction, prevention, detection and response capabilities. It is a structure designed to support consistent and comprehensive security controls throughout the organization while allowing flexibility needed to manage risk.

 

 

 

It promotes continual improvement, maturity of security services, and adaptability to evolving threats. At Intel, proliferation of the defense in depth methodology has resulted in more efficient business decisions. The fundamental aspects allows for consolidation of support resources, helps highlight alternative methods for managing risk, aligns programs across environments, and keeps focus on achieving optimal security.

 

 

Download the whitepaper: Defense In Depth Strategy Optimizes Security

 

 

Defense in Depth Information Security Strategy

 

The Problem of Measuring Information Security

 

Getting a Return on IT Security Investment

0 Comments Permalink Tags: information, security, information_security, optimal_security, defense-in-depth, defense, depth, whitepaper, strategy, model, risk, matthew_rosenquist, rosenquist
Matthew Rosenquist
0

Everyone wants information security to be easy. Wouldn't it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don't try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

 

Common Sense

I think the key to fortune cookie advice is ‘common sense' in the context of security. It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

 

Here is my Fortune Cookie advice for September:

 

In information security, like in sports, knowing your adversary is far more important than knowing the condition of the field.

 

 

 

 

Information security is an adversarial pursuit. It all begins with threat agents, those people who will negatively affect your organization. Some are malicious, others are not. The key is they are living, breathing opponents whose motivations drive actions which cause loss. They learn, adapt, and change as they seek their objectives.

 

Know your threats. This is an important first step. Knowing all your vulnerabilities is fine, but secondary in importance.

 

For those who are malicious, understand what they target and the likely methods they will employ. Only then can the vulnerabilities be narrowed to show the most probable exposures. This prediction gives the security professional a focus on what to protect, how best to monitor, and preparations necessary to respond when needed.

 

 

 

So am I contributing to the problem of over simplifying security? Or am I reaching out to those who might not take an inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide and feel free to share your knowledge-nuggets.

 

 

Fortune Cookie Security Advice - August 2008

 

 

Fortune Cookie Security Advice - June 2008

 

 

Fortune Cookie Security Advice - May 2008

 

 

Deconstructing Cyber Security Attacks - Threat Model

 

 

Defense in Depth Information Security Strategy

0 Comments Permalink Tags: threat, security, roi, value, rosi, information_security, optimal_security, model, risk, matthew_rosenquist, rosenquist, policy, defense_in_depth
Matthew Rosenquist
0

Everyone wants information security to be easy. Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

 

Common Sense

I think the key to fortune cookie advice is ‘common sense’ in the context of security. It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

 

Here is my Fortune Cookie advice for August:

 

Security policy is like a seatbelt. It will not protect you every time, but it is guaranteed to fail if you choose not to use it.

 

No security policy is perfect. In fact, it should be a continuously evolving body of work which is improved as the industry changes and learns. The biggest challenge is not the exactness of the policies; rather it is the awareness and consistent adoption by the employees. An appropriate level of effort must be directed at the successful marketing and support by the target audience.

 

It may not be sexy, but policy can empower the Management support and maintenance of policy are key factors in leveraging this tool. Clear and straightforward verbiage coupled with sufficient marketing saturation can deliver necessary awareness to affect behaviors. With employee support of security principles, an organization takes a great step forward in achieving an optimal security posture.

 

 

So am I contributing to the problem of over simplifying security? Or am I reaching out to those who might not take an inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide and feel free to share your knowledge-nuggets.

 

 

A Company’s Greatest Security Threat and Asset

 

 

Fortune Cookie Security Advice - June 2008

 

 

Fortune Cookie Security Advice - May 2008

0 Comments Permalink Tags: security, roi, value, rosi, information_security, optimal_security, model, risk, matthew_rosenquist, rosenquist, policy
Matthew Rosenquist
8

Recently, security expert Bruce Schneier expounded security ROI figures were meaningless! Is it true? Well, yes and no.

 

The brutal truth.

Well respected information security expert Bruce Schneier recently provided a stark opinion regarding the value of ROI's.

Follow this link to see the story:

http://www.zdnetasia.com/news/security/0,39044215,62037905,00.htm

 

 

 

In brief, Bruce stated security because numbers can be manipulated to justify anything.

He explained that the amount spent on a product can change significantly by simply playing with the equation.
"If the chance of you being attacked is one in a million and I change it to one in two million... I have halved the amount of money you should spend.
"I can make an ROI model say whatever I want. I could justify or not justify anything based on these very, very rare and very, very damaging events," he said.

 

Tell me it is not true!

I believe Bruce is both right and is delivering a message which is a little incomplete. His general message is accurate and shocking enough to garner the right level of attention. Most of the information security ROI's I have read were speculative, could not be validated, were impossible to reproduce, and had great latitude to provide results which benefit the desires of the author. Nowadays audiences are being provided ‘information' under the auspices of ‘fact', when in reality they are more of an opinion. Such valuation assessments are based on qualitative data versus quantitative metrics.

 

I blogged about the The Problem of Measuring Information Security back in August 2007

 

Awareness must be raised. I applaud Bruce in helping to make this happen. His message, as brutal as it sounds, is bringing to light a shadowy area in our industry. I think the follow-up message for audiences is to scrutinize and apply common sense to any ROI they come across. Understand the methodology and if it makes sense in their context. Lifting the curtain can quickly reveal a puppet master pulling the strings to artificially show value.

 

Like Bruce, I too have a jaded perspective. I have seen some WILD ROI's. Much of what I have read from security vendors is pure folly. However, just because most are fiction, it does not mean all methodologies are without merit.

 

Intel published a Whitepaper - Measuring the Return on IT Security Investments which is applicable to some situations. This method, far from being a silver-bullet, is a good start and has proven its truthfulness.

 

For any method, the accuracy should be scrutinized. Can it be validated, repeated? Was the method exclusively developed solely for self serving purposes from someone trying to sell something shiny? Does it make sense? These are the questions I ask myself.

 

On the bright side, many bright sharp people are working very hard to make the industry better and develop more rigid processes to insure both accuracy and confidence.

 

In the end, there is much work to be done in the information security valuation space. In the meanwhile, savvy consumers should be aware of the challenges and dive deeper into prospective ROI's and determine if they are ‘meaningless'.

8 Comments Permalink Tags: model, risk, matthew_rosenquist, rosenquist, security, roi, value, rosi, information_security, optimal_security
David Buchholz
0

As I sit back and think of some of the newer technologies we have looked at recently, I find myself wondering if IT is in the never ending cycle of re-inventing the wheel. What I mean by this is sometimes it seems as if we continue to try and re-engineer everything to make it fit our environment or how we think it should work. When viewing newer technologies, usage models and trying to pass data off to other groups the phrases I think I hear the most are, “That will never work in our environment,” or “If we can get them to change this, this and this, we may be able to use it here” or my favorite, “This will never be secure enough for us to use it as it exists”. While these may be valid assessments against the way we do things today, the big question is: should we be pushing ourselves to look for new ways of doing things? Five years ago, employees preferred to use their machines and software loads supplied by IT because they were more powerful or feature rich than anything they had at home. But in today’s society, people have higher end machines at home than IT supplies them. They also use newer technologies that are usually off limits or not supported by IT. Think of some of the tools we use today, such as this blog or even instant messaging. These technologies exist in our corporate environment because we saw people using them at home and brought them into our corporate environment. It wasn’t something that IT created and people took home to use. So with so many of these newer technologies out there, should we keep pushing to make them adapt to our IT world, or should we start pushing IT to start adapting to new models. We take umbrella approaches to everything today. Total security of the platform, instead of trying to reduce the footprint we have to manage. We look for solutions that will cover the majority of the users, versus what may be right for smaller enclaves. We place several management clients on the platform to perform numerous tasks instead of using native components or reducing some of the redundant requirements we have. Moving forward, the next generation of workers will expect businesses to offer familiar technology and won’t accept tradition as an excuse. IT shops need to provide workers with “cool” ways to work. If they don’t, they risk becoming obsolete.

0 Comments Permalink Tags: it, value, innovation, generation, usage, model, alternate_compute_models
Matthew Rosenquist
1

Can an organizations greatest security asset also be its most serious threat? Yes it can.

 

 

 

 

 

The Greatest Asset

I manage information security for Intel’s mergers and acquisitions. Recently, I was evaluating an acquired company and delivering information security training to our newest employees on their collective hire date. As I was presenting the fundamentals of how to keep the company, their work, and our industry safe from cyber threats, an important security maxim was exemplified.

 

In interacting with the audience, I understood how they were accustomed to conduct business, the scope of information they handle on a daily basis, and their views on the value of security. I began to emphasize how the employee base was the greatest asset to information security and the combined force of a well informed, properly trained, and security savvy workforce dwarfs the efforts of the dedicated security staff. My recruitment speech sunk in and their faces glowed with pride. I saw a bit of excitement from the audience, that of empowerment and newfound responsibility. I was setting them up. Although absolutely true, a few slides later in my presentation I unveiled the stark reality.

 

 

 

The Greatest Threat

I asked to my newly recruited security champions what the greatest threat to the company was. Amid different answers, I revealed that THEY were the greatest threat. Not just them, but the entire workforce. The glow in their faces dimmed a bit. How can this be? How can our employees be both the greatest asset and the worst enemy in the cyber warfare trenches? They were shocked. They were dumbfounded. They were intrigued. I gave a dramatic pause. It is not often people are captivated by the boring and bothersome topic of information security. I savored the moment.

 

The real battlefield is in hearts and minds of employees. These new employees, more than any, represent the greatest challenge. They are accustomed to their previous ways, inundated with new-hire information, and are not familiar with the security expectations of their new corporate parent. Security policy is a distant concern on their first day. Every subsequent day, the separated cluster of workers will not benefit from the social reinforcement of good security practices as they are distanced from the collective body of experienced employees who exhibit secure behaviors.

 

We discussed how apathy, laziness, and circumventing policy for a quick gain, can cause significant weaknesses in security. Every employee has a responsibility to be secure and reinforce those fundamentals with their peers. A single employee through malice or carelessness can cause more damage than a legion of hackers. They must decide, through their actions, if they are the security marshals or the villains of the story. The battle is with the mindset of the employees. The finest security policy is worthless in the hands of an apathetic workforce.

 

In the end, the discussion was a success. It was not just training; it was an interactive dialogue talking to what is important and how every employee, now including them, work as a team to be Intel’s greatest security asset.

 

 

 

So, who do you market to?

1 Comments Permalink Tags: security, value, policy, threat, security_threat, information_security, optimal_security, model, risk, matthew_rosenquist, rosenquist
Matthew Rosenquist
0

I was recently asked to pull together a quick list of key information security learning's for Mergers & Acquisitions (M&A). This year I assumed responsibility for information security of Intel's M&A programs. M&A work is typically frantic, unpredictable, and ambiguous, involving the brightest engineering and integration management talent. It demands great flexibility and willingness to rapidly adapt creatively to emerging problems. This work is basically a recipe dreaded by us entrenched security types, who like the controllability of consistent, predicable, and structured activities. It can press the boundaries of good security practices and test the mettle of the strongest security organizations.

 

 

 

 

Top 5 Key Learning's for M&A Information Security

    1. Security does not happen by default. As the complexities of divestitures emerge, smart people aggressively move to solve problems and security is likely not a consideration. Information Security must be involved both at the early planning stages and stay engaged until the last tactical maneuver is completed

    2. Profiling the data is key. Knowing what data is involved, it's sensitivity, who has logical/physical access, and where it is physically located is necessary. It will be needed to insure regulatory, legal, and IP confidentiality protection

    3. Technical and Behavioral considerations must be incorporated to prevail. Neither must be ignored, and in most cases the combination must be applied to every issue where information security is at risk. A security savvy M&A team is the first step to highly effective results

    4. Logical and physical security aspects cannot be separated. Information security professionals can easily overlook the physical security factors which can jeopardize the confidentiality, integrity, and availability of the business just as logical based threats

    5. Great attention must be paid to data retention, transfer, and destruction. ‘Deal data' can be a vague and changingconcept which may be interpreted differently over time, especially in larger deals. Understanding the scope, expectations, and commitments is a necessity

 

After reviewing the list, I had an interesting observation. It occurred to me there was a glaring omission. The unwavering support of information security by management is absolutely crucial. To be honest, I left it out as I am spoiled. The Intel culture and chain of management is very supportive of information security. So for those of you less fortunate, add it to the list.

 

 

 

 

Feeling a little M&A&D...or, blogging on IT aspects of Intel's mergers, acquisitions and divestitures programs

0 Comments Permalink Tags: security, mergers, acquisitions, m&a, information_security, optimal_security, model, risk, matthew_rosenquist, rosenquist
Matthew Rosenquist
2

Everyone wants information security to be easy. Wouldn't it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don't try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

 

 

 

 

Common Sense

I think the key to fortune cookie advice is ‘common sense' in the context of security. It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

 

 

 

Here is my Fortune Cookie advice for June:

A perfect security program does not make your environment invincible! It would be astronomically too expensive. The 'perfect' security program achieves the optimal balance of spending, loss prevented, and acceptable losses (residual loss).

 

 

 

Now if I can just figure out how to stuff these little cookies...

 

 

Am I contributing to the problem of over simplifying security? Or am I reaching out to those who might not take an inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide and feel free to share your knowledge-nuggets.

 

 

Fortune Cookie Security Advice - May 2008

2 Comments Permalink Tags: security, roi, value, rosi, information_security, optimal_security, model, risk, matthew_rosenquist, rosenquist
Matthew Rosenquist
0

Measuring the value of information security programs is difficult and a problem for the entire industry. In the second of the three part series, Intel discusses a practical approach to determine value of information security initiatives. Intel security professionals Tim Casey, Enrique Herrera, and Matthew Rosenquist discussed the success of Intel’s security value methodology outlined in the Whitepaper - Measuring the Return on IT Security Investments

 

 

 

Listen to how Intel utilizes this strategy as one means to measure the value of security programs. The whitepaper is available for download.

 

The 30 minute discussion can be replayed here:

 

 

 

 

The last of the three part series, Future State of Security Measurement, will occur on Wednsday June 4th. Everyone is welcome to participate or just listen in. Details can be found here:

http://communities.intel.com/openport/blogs/it/2008/05/12/how-do-you-measure-something-that-doesnt-happen

0 Comments Permalink Tags: security, roi, value, rosi, information_security, optimal_security, model, risk, matthew_rosenquist, rosenquist, radio, whitepaper, tim_casey, enrique_herrera
Matthew Rosenquist
1

Everyone wants information security to be easy. Wouldn't it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don't try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

 

 

 

Common Sense.

I think the key to fortune cookie advice is ‘common sense' in the context of security. It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

 

 

 

Here is my Fortune Cookie advice for May:

Two types of victims exist...
Those with something of value, and those who are easy targets.
Therefore: Don't be an easy target, and protect your valuables.

 

 

 

Now if I can just figure out how to stuff these little cookies...

 

 

 

So am I contributing to the problem of over simplifying security? Or am I reaching out to those who might not take an inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide and feel free to share your knowledge-nuggets.

1 Comments Permalink Tags: security, roi, value, rosi, information_security, optimal_security, model, risk, matthew_rosenquist, rosenquist
Matthew Rosenquist
3

Good security conversations benefit all involved. The more we share, discuss, and challenge each other, the more we advance our industry. Thankfully, I have the benefit of working closely with a brigade of information security professionals and we banter at every opportunity, for the sheer pleasure and insights. In that same spirit, we hosted our first Blog-Talk radio session. This was a general discussion of the problems of measuring security.

 

 

 

 

 

 

The 30 minute discussion can be replayed here

Two other internet chats are planned. Everyone is welcome to participate or just listen in. Details can be found here.

3 Comments Permalink Tags: security, roi, value, measure, rosi, information_security, optimal_security, model, risk, tim_casey, matthew_rosenquist, rosenquist, casey
Matthew Rosenquist
3

Crazy as it may sound, digital appliances and accessories can infect your computers with viruses and worms. It is happening more and more. Although not near a tipping point, an evil cloud is rising.

 

 

 

 

 

Unlikely Threats

It is concerning enough we have to worry about USB drives, WiFi hotspots, mobile phones, PDA's, printers, email attachments, file downloads, search engines, and surfing just about any website. But now we must keep a suspicious eye on our new net-enabled refrigerator, digital picture frames, music playing sunglasses, and even the toaster.

 

 

Recent articles shows how consumer devices integrated with network enabled computers are sources for malware infections. It is not shocking software CD/DVD's, or USB Drives might have nasty code lurking. Suspicion is the norm anytime we are connecting or installing something directly to our trusty computer. In those situations, we take proper precautions. But what about media players, GPS devices, and most recently wireless digital picture frames? These devices may not directly connect via traditional cable. Does the average consumer realize when they flip the power button they may be turning on a wireless device infected with malware seeking to infect anything within range?

 

 

 

 

The toaster is out to get you!

It is not just the geek toys anymore. Not to long ago, an enterprising individual took it upon himself to hack a regular toaster, just to prove it could be a source of malware. A toaster! Very impressive, but what is next?

 

 

As computers are integrated into everything and are being upgraded with more power and connectivity, the threat landscape grows. Our cars, major appliances, personal electronics, accessories, and even clothing are potentially at risk. We are dragging these items into the digital world and in doing so, overlaying cyber risks on them.

 

 

Although not widespread, more and more stories are emerging and the list of products grows longer. At some point we will be forced to re-evaluate the standard threat categories to include some non-traditional vectors. Personally, I am waiting for shoe manufacturers to implant computers in their products so we can have "walk-by attacks". Can't wait.

 

 

 

Some news reference links:

http://www.securityfocus.com/news/11499

http://www.pcworld.com/article/id,141295-pg,1/article.html

http://www.theregister.co.uk/2008/01/14/sans_threat_list/

3 Comments 0 References Permalink Tags: optimal_security, model, risk, matthew_rosenquist, rosenquist, threat, vulnerability, security, information_security
1 2 3 4 Previous Next

Popular Blog Posts