“Swine Flu”, what a hot topic! The disease continues to progress and infects more and more people every day. Medical experts estimate an exponential number of new cases due to the summer period: we travel more across countries for holidays and meet more people, increasing the risk of catching the
Category: Business
Tell Me How You Work and I’ll Monitor You!
Today, I read an interesting story in Datanews, a Belgian IT newspaper. To summarize briefly, “Company A”, the customer, complains about “Company B”, the telecom operator, which installed a telephone exchange at the former's premises. During a weekend, hackers took control of the system and used it to perform calls
Unsafe Customer Data!
I received the following e-mail yesterday. It came from a Belgian e-commerce website. It’s a company active in a very specific outdoor activity (no name here, but if there are other customers reading my blog, they will surely recognize the format). The customer base is restricted (but international). Sorry
What’s a Valid Evidence?
The following case happened in France: a Court of Cassation rejected a simple data file as evidence. The evidence proposed by one of the two parties was a data file with information about an e-mail transmission (a log?) sent from company A to company B. According to the Court, the
Monitoring: The Right Info at the Right Place
When I talk to customers about monitoring, they often have a vague idea about the way to implement a solution. Monitoring must be part of your security policy. Your tools (whatever the product you choose – no name here) must help you to stick to the CIA principle: Confidentiality (to
What if… or Crisis Management
Back from the ISACA Belgian Chapter meeting. Today’s topic was “Crisis Management”. As usual, it was very interesting, with a lot of experiences shared between the participants. What first emerged from the meeting was the different types of definitions companies have of a “crisis”. For some of them, a crisis must be fixed
Stupid Email Disclaimers
This page about e-mail disclaimers is quite old but remains up to date. Today, all major companies attach disclaimers to their outgoing e-mails. Usually, nobody takes time to read them. You should! Some of them are really funny, not to say stupid. Most of the time, disclaimers have a legal
ISACA Belgian Chapter: Introduction to the SCOR Framework
Today, I attended the first ISACA Belgian Chapter meeting of 2009 about the SCOR framework. SCOR means “Supply Chain Operations Reference” (more information here). It’s a framework and a set of best practices (not an audit methodology) to help enterprises increase performance and reduce the risks of their supply chain. Basically, there are
New Corporate Laptop Setup
I got my new corporate laptop today, a Dell Latitude E6500, a very nice computer. Working as a security consultant, I’m always on the road, connecting my laptop to customer or evil (free Wi-Fi access point or conference) networks. Fortunately, my company allows consultants, if they want, to manage their
Cc: Party or the Right Way to Use Email
I just received an official e-mail from a security appliance manufacturer. The message was an official communication about their product line. At the end of 2008 (almost 2009!), I’m really surprised at how this communication was handled! First, a Word document was attached to the message. Why? Word documents may carry viruses or