Risk Management with Stuart King and Duncan Hart

October 2007

  • The 10 deadly sins of information security management

    Stuart King - Reed Elsevier 31 Oct 2007
  • As the winter nights begin to close in, the family gathers around the fireplace for warmth and we'll tell each other stories. My current favorite is an old one entitled "the 10 deadly sins of ...

  • $10million supermarket scam

    Stuart King - Reed Elsevier 30 Oct 2007
  • I've heard some words of indignation expressed at the invitation of Frank Abagnale to speak at this year's RSA conference. I understand the point of view - why should this convicted fraudster be ...

  • EDS & BSkyB - A lesson for us all

    Stuart King - Reed Elsevier 30 Oct 2007
  • A friend of mine has a cartoon strip on his desk where somebody asks "why are the two servers named Benson and Hedges?" The response is "Because that's what it said on the design document..." The ...

  • New PCI mandates

    Stuart King - Reed Elsevier 29 Oct 2007
  • Some new mandates from Visa released last week. Read the full bulletin here: https://www.computerworld.com/pdfs/Payment_Application%20Security_Mandates_9044159.pdf. Here's a summary

  • Consumer Products in Enterprise Networks

    Stuart King - Reed Elsevier 29 Oct 2007
  • How much risk is there associated with taking consumer products into our enterprise networks? Should we just say no? I think that to do so would not be a good strategic approach because many such ...

  • Data leaks - what can we do?

    Stuart King - Reed Elsevier 27 Oct 2007
  • I've been giving a lot of thought to the subject of data leakage and associated risks to the business. The problem we have right now is getting a handle on all the different vectors that data ...

  • Back to Earth

    Stuart King - Reed Elsevier 27 Oct 2007
  • In Futurama, Fry wakes up in the year 3000 and finds himself in a strange new world where the technology is baffling, yet exciting. That's sort of how I felt wandering around the Microsoft campus ...

  • Personality in Security

    Stuart King - Reed Elsevier 26 Oct 2007
  • A panel session at the RSA conference has suggested that "it is just as important to recruit on the basis of personality as it is to find someone with the right technical qualifications" for ...

  • AppExchange Update

    Stuart King - Reed Elsevier 25 Oct 2007
  • Thanks to James Penfold from SalesForce.com who has made me aware that there is an updated program relating to the AppExchange certification process I mentioned a couple of blogs ago. This can be ...

  • Opinion on the veto of AB779

    Stuart King - Reed Elsevier 25 Oct 2007
  • I wanted to take an opposing view to David Lacey's blog on California's veto of AB779 - the bill to make a version of the PCI standard into State law. David's view is that "in the absence of tough ...

  • SFDC - AppExchange Certification Process

    Stuart King - Reed Elsevier 25 Oct 2007
  • I was chatting to a techie from SalesForce.com a couple of evenings ago and questioning him about the processes in place for ensuring the security of applications posted on their AppExchange. It's ...

  • Microsoft Security Intelligence Report

    Stuart King - Reed Elsevier 25 Oct 2007
  • The Microsoft® Security Intelligence Report (January–June 2007) provides an in-depth perspective on the software vulnerabilities (both in Microsoft software and in third party software), software ...

  • Is security a "should" or a "must"

    Stuart King - Reed Elsevier 23 Oct 2007
  • From the book "Zen and the Art of Information Security" by Ira Winkler. When security is a should, people will tell you that security is secondary to business concerns. The security staff ...

  • Latest on application security

    Stuart King - Reed Elsevier 22 Oct 2007
  • I make no secret of the fact that my first interest in security is around the online product side of things. So easy to get completely wrong and the same old lessons are continually being relearnt. ...

  • More on ROI

    Stuart King - Reed Elsevier 21 Oct 2007
  • I wanted to follow on the same theme as my previous blog and look more at issues of justifying spending on information security. One of the difficulties might come from whether your organisation ...