Often, as security professionals, we tend to blame our users. Not all people are security aware and take the right decision when facing a potential security issue. Yes, we know: they click, they open, they answer questions, they trust, …
Tag: Business
Repression VS. Prevention
This morning, I retweeted a link to an article (in Dutch) published by a Belgian newspaper. It looks that Belgian municipalities (small as well as largest) which do not properly secure their data could be fined in a near future! Public services  manage a huge amount of private data about us. They
No Customers Were Harmed In This Attack…
I don’t know if you already noticed but it looks to be a never-ending story: Companies got pwned and data leaked on the Internet pastebin.com. Then starts the game of press releases… Most companies try to reduce the impact of the breach they suffered and it looks like Holliwood movies
There is no Place for a Kindergarten in Security
If you have children, you have for sure already faced the following situation just after they messed up. Oh, the joy of seeing them denouncing and pointing at each other with classic expressions like “It’s not me, it’s him!“. Of course, you did not see what happened and children do
Zen Attitude!
The coming days will bring a special atmosphere. Christmas and the New Year days are a good occasion to relax and… to take good resolutions! For people involved in information security, a good one could be to adopt the “zen attitude” and try to establish more diplomatic relations with the
Be the Conductor of Your Security!
I’m visiting organizations and companies for miscellaneous projects and I’m often scared by the lack of “visibility” they have on their infrastructure. For years now, new components have been deployed by pure requirements or (honestly) by the business “pressure”: Firewalls, IDS/IPS, (reverse)proxies, WiFi, SSL VPNs, etc. All those solutions, hardware
Is the SIEM Landscape Changing?
If you follow the IT news feeds, you probably learned today that HP bought ArcSight for $1.5 billions. ArcSight is not a known public name but is a leader on the SIEM (“Security Information & Event Management“) market. This announce already generated lot of comments, positive as negative. Log management,
Use the Right Tool!
A well-known expression says “The right people at the right place!“. I would like to extend it to the security perimeter, saying “Use the right tool at the right place!” or “Use the right tool for the right purpose!“. Today’s security landscape is extremely large so complex! Lot of raptors
Compliance: a Marketing Argument?
I received yesterday a mail spam about a commercial SSH solution. The mail presented their product like this: “Find out how SSH can ease the burden of PCI DSS, SOX and other mandates and IT audits with a robust data security solution used by millions worldwide! <deleted name> delivers unparalleled
You’ve a SIEM? And Now?
“Log Management”, “SIEM”, “Correlation”, “Incident Management”, more and more organizations have a SIEM project in the pipe. SIEM means “Security Incident & Event Management“. Just to remind you, a SIEM is a set of tools which helps to collect and analyze logs from several sources on a corporate network. Basic