Why Data Breaches Don’t Hurt Stock Prices.
In short: because there is no reliable metric to make the impact transparent to shareholders and customers.
“I’ve seen things you people wouldn’t believe.”
https://instagram.com/p/1GOQ2Kunsw
Blade Runner Reality (@bladerunnerreality).
via Daring Fireball.
Crisis Management and Insurability of Cyber Risks
A talk on cyber-relevant threats and crisis management at the ‘innovationswerk’ of the Munich Network.
Start: Thursday, 23.04.2015 at 08:00.
Register here.
A quick overview.
In preparation for Django 1.8, the contrib package formtools was released as a standalone package.
Bruce Schneier comments that the CA system is broken.
The blog that, alongside Don Alphonso, is more radical than a Salafist forum and teaches media literacy to all Internet nerds turns 10 years old today.
The purpose of security software is to make other software more secure. This is what the security industry claims, sometimes with legitimate arguments; sometimes the industry tries to chase unrealistic ideals, as a recently linked article suggests.
And I couldn’t agree more. The security industry approaches the problem from the wrong end, most of the time. Keeping in mind the principles of security (Integrity, Availability and Authenticity), security software helps mitigate threats in the classes of vulnerabilities, exploits, and malicious software and payloads. Products available for purchase can be grouped into classes. There is encryption (Integrity and Authenticity), for data at rest (disk encryption, file encryption) or for data in transit (VPN or protocol encryption). Backup clearly preserves Availability, but most companies in the security industry consider this a different topic. Then there are products to limit access, e.g. network layer firewalls, which have a very distinct functionality. Up to here, things are very clear and deterministic. When it comes to application layer firewalling, e.g. web application firewalls, things start to get fuzzy.
Products that aim to protect from any unknown threat, malware or payload, like Anti Virus, Anti Spam, Intrusion Prevention and even Vulnerability Scanners, provide information that is known already.
Now that a particular exploit is known, protection for it can be provided in two distinct locations: the vulnerable software can be patched to remove the problem, or, as the security industry offers, another piece of software can be put in place that tries to protect from something that is known already. The latter raises system complexity and opens another vector for vulnerability.
The sustainable approach is to invest in secure software and architecture that has built-in encryption, authentication and redundancy. This is something the security industry can provide as technology vendors, rather than chasing the magical unicorn.