Top five information security blog posts

Here are my top five information-security-related blog posts of the moment.

1) ID theft – Facebook and MSN exploited, by Kai Roer. This is a great example of a malware infection resulting in a compromised Facebook account and of the damage that can follow from it. There are plenty of other Facebook-related stories around at the moment, including this one from the BBC, who were able to create their own malware for harvesting private data.

2) Stopping at compliance by Michael Farnham. Michael hits the nail on the head when he says “compliancy does NOT equal security.” I couldn’t have put it so well myself.

3) Evolving Schneier’s Security Mindset. An interesting discussion on the perception of risk. The question the risk analyst must answer, however, is really “What is *probable*?”, and we should really belabor the point that “What is probable?” is not just a “Can it be done?” question.

4) Swiss Army Knife – The Personal Portable Security Device, posted by Mark Diodati. This discusses what is, from my point of view, an exciting new class of authentication product for the corporate network. Well worth reading.

5) ROSI – Security Returns? by C. Warren Axelrod. Interesting because I’m more likely to take the opposite stance and argue against trying to demonstrate an ROI (return on investment) for security-related spending. Frankly, I don’t think you can prove it.