logo
Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - November 14, 2006

By Mike Rothman
Created 2006-11-14 10:19
Today's Daily Incite

November 14, 2006 - #156

Good Morning:
It's Tuesday and I'm in a pretty good mood. And when I'm in a good mood, I like to poke some other folks. I know, I probably should talk to my therapist about that, but it's not about making other folks feel bad (though that can be a result), it's to save my readers time. By calling bunk on product certifications (here [0]), pointing to the idiocy of a survey that says 20% of people don't see a threat from insiders (here [0]) or some more of the silly security awards (here [0]), hopefully you won't spend any of your day thinking about this stuff. The fact that I enjoy poking holes in stuff is besides the point. 

In blog-land, Amrit calls for us to start to think differently and evolve our processes to keep up with the changing threat-scape (here [0]). He's right and thought provoking. Read that post. I also want to point to a piece done by Joel Spolsky (here [0]) on how some folks game metrics in application development land, and we should expect a similar situation in security. That's why we need to really consider what metrics are used very carefully. Incent the wrong behavior and no one wins. Finally, Jeremiah does a good job of categorizing the vulnerability scanning market (here [0]), so check that out. 

Have a great day.

Technorati: Information Security [1]

The Pragmatic CSO [2]
Coming January 2, 2007		 Webcast promo [2]

Top Security News

http://www.darkreading.com/document.asp?doc_id=109786 [3]
Link to this [3]

http://www.safeboot.com/Press/Repeater_DataSource.aspx?NewsID=28 [4]
Link to this [4]

http://www.sendmail.com/company/news/20061113/
 [5]Link to this [5]

http://www.rackspace.com/mediacenter/release.php?id=136 [6]
Link to this [6]

http://www.f5.com/communication/press/2006/release111406.html [7]
Link to this [7]

Top Blog Postings

http://techbuddha.wordpress.com/2006/11/13/information-security-must-evolve/
 [8]Link to this [8]

http://www.joelonsoftware.com/items/2006/11/10b.html
 [9]Link to this [9]

http://blogs.ittoolbox.com/security/adventures/archives/workplace-privacy-vs-computer-abuse-investigations-12898
 [10]Link to this [10]

http://jeremiahgrossman.blogspot.com/2006/11/vulnerability-stack.html
 [11]Link to this [11]

here [12].
http://securityincite.com/blog/mike-rothman/coming-soon-the-pragmatic-cso [12]

Year-end webcast and seminar promotion
In order to support (and properly evangelize) the Pragmatic CSO, I want to be speaking anywhere and everywhere about pretty much anything related to information security. To do that, I'm making it very attractive for vendors and associations to book my talking head for the first 6 months of 2007. Check out the promotion and sign up quick, since the promotion only lasts until the end of the year, and I expect slots will be going fast.
http://securityincite.com/blog/mike-rothman/year-end-webcast-and-seminar-promotion [12]

Read Friday's Daily Incite
http://securityincite.com/TDI-2006-11-10 [12]

Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-november-14-2006

Links:
[1] http://technorati.com/tag/information%20security
[2] http://www.pragmaticcso.com
[3] http://www.darkreading.com/document.asp?doc_id=109786
[4] http://www.safeboot.com/Press/Repeater_DataSource.aspx?NewsID=28
[5] http://www.sendmail.com/company/news/20061113/
[6] http://www.rackspace.com/mediacenter/release.php?id=136
[7] http://www.f5.com/communication/press/2006/release111406.html
[8] http://techbuddha.wordpress.com/2006/11/13/information-security-must-evolve/
[9] http://www.joelonsoftware.com/items/2006/11/10b.html
[10] http://blogs.ittoolbox.com/security/adventures/archives/workplace-privacy-vs-computer-abuse-investigations-12898
[11] http://jeremiahgrossman.blogspot.com/2006/11/vulnerability-stack.html
[12] http://www.pragmaticcso.com