Archive for June, 2008

What we’re reading, week of 6/30

Posted: June 30, 2008 by vpnhaus in Highlights

From Schneier on Security… Security and Human Behavior Bruce Schneier contributes this very thought-provoking post from the first “Security and Human Behavior” workshop, prompting a discussion of how perception and human psychology affect not only the way people assess their security, but the way security professionals devise solutions for problems. Schneier asserts that “[m]any real [...]

What we’re reading, week of 6/23

Posted: June 23, 2008 by vpnhaus in Highlights

From JJ’s Security Uncorked… Network Based Entitlement… A Rose by Any Other Name JJ reviews Rohati’s recently-announced “Network-based Entitlement Control,” drawing the conclusion that Rohati’s approach to NAC is no different than what can already be accomplished by traditional hardware solutions available. From Emergent Chaos… Not quite clear on the subject This blogger corrects a [...]

Frank Cassano has written a series of posts at BlogInfoSec titled “Assessing Your Organization’s Network Perimeter” (see Part 1 and Part 2). We had a quick chat with NCP’s Rene Poot to get his perspective on Cassano’s analysis. Here’s what Rene had to say: What should be mentioned as (one of the many) details would [...]

What we’re reading, week of 6/16

Posted: June 16, 2008 by vpnhaus in Highlights

From Rational Survivability… Verizon Business 2008 Data Breach Investigations Report Christofer Hoff summarizes and comments on the results of a report culled from over four years and 500 forensic investigations performed by the Verizon Business RISK team. Interesting bits: 73% of breaches resulted from external sources, 83% of attacks were not highly difficult, 85% of [...]

What we’re reading, week of 6/9

Posted: June 9, 2008 by vpnhaus in Highlights

From Rational Survivability… Security Will Not End Up In the Network… Hoff showcases a graph of the cycles of security investment, to rebut the pronouncement that “security will end up in the network.” “There’s no end state,” he writes. “It’s a continuum. The budget and operational elements of who “owns” security and where it’s implemented [...]