Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - November 10, 2006

By Mike Rothman
Created 2006-11-10 10:10
Today's Daily Incite

November 10, 2006 - #154

Good Morning:
Shhhh! Can you hear that? No? Good, neither can I. That is the sound of silence in my house as my wife took my oldest one away for the weekend and the twins are in school. It's a Daddy weekend (for the twins anyway) and I'm looking forward to that. It's funny, I really enjoy my solitary time. But you do get used to the chaos of having a lot of activity and mayhem around you most of the day.

In security-land, I can only hope that our next import from the UK will be ISP responsibility (here [0]). The vociferous few (in that great British accent) are calling for the ISPs to take responsibility for DDoS attacks. Hear, hear. Boddington's on me!!! Next (here [0]) I want to rail on the so-called "site certifications" like HackerSafe, SecurityMetrics, and one certain former employer of mine (TruSecure/CyberTrust). A questionnaire and a vuln scan do not give me comfort that my data is safe. But I guess like the TSA show at your local airport, these little seals put on a show that someone cares about security (at least enough to pay a couple hundred bucks to go through the process). But don't be misled, there is only a slight correlation between these programs and data protection.

In blog-land, Michael Wright misses the old days when worms roamed the earth and security was easy (here [0]). I don't. Now we see who has talent and who is a pretender. Who can talk business and who can't. Sure, it's harder, but what fun is it if it's easy? But maybe that's just me. Looks like Stiennon is using his NetworkWorld pulpit (here [0]) to rail on pre-admission NAC (again). Shocker! But we've already played that one out here in blog-land and nothing I'm seeing is changing my opinion that both pre- and post- are important.

Have a great weekend.


Top Security News

http://www.newscientisttech.com/article/dn10494-isps-should-be-responsible-for-hacker-attacks.html [2]


http://www.eweek.com/article2/0,1895,2054615,00.asp?kc=EWSTEEMNL110906EOAD [3]

http://weblog.channel-marker.com/?p=43 [4]

http://www.etfdigest.com/index.php [5]


http://www.informationweek.com/story/showArticle.jhtml?articleID=193700219 [6]

Top Blog Postings

http://mcwresearch.com/archives/342 [7]

here [7]) and I agree with Richard that the access control part of NAC is most interesting. But I also believe that there is a role for host integrity checking, as well as the IDS/IPS-like worm mitigation that some solutions provide. So yes, the answer is (D), all of the above.
http://www.networkworld.com/columnists/2006/111306stiennon.html [8]

http://blog.washingtonpost.com/securityfix/2006/11/report_phishers_hooking_fewer.html [9]

http://news.com.com/2061-11203_3-6134194.html [10]

http://securityincite.com/blog/mike-rothman/cisco-takes-it-to-the-next-level [10]

Coming Soon: The Pragmatic CSO
I'm really excited to announce my upcoming book, the Pragmatic CSO: 12 Steps to Becoming a Security Master. Security hasn't really gotten better, and most security professionals are totally overwhelmed and having a hard time putting in place a program to be strategic, as opposed to firefighting. So the Pragmatic CSO is the Security Incite methodology for "doing" security, allowing you to focus on what's important and show value to the folks that write the checks. There will also be a web community and training programs to support the book. You can check out the Pragmatic CSO teaser site here [11].
http://securityincite.com/blog/mike-rothman/coming-soon-the-pragmatic-cso [11]

Year-end webcast and seminar promotion
In order to support (and properly evangelize) the Pragmatic CSO, I want to be speaking anywhere and everywhere about pretty much anything related to information security. To do that, I'm making it very attractive for vendors and associations to book my talking head for the first 6 months of 2007. Check out the promotion and sign up quick, since the promotion only lasts until the end of the year, and I expect slots will be going fast.
http://securityincite.com/blog/mike-rothman/year-end-webcast-and-seminar-promotion [11]

Read yesterday's Daily Incite

http://securityincite.com/TDI-2006-11-09 [11]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-november-10-2006