Archive for Intelligence

Building a security plan

An audit framework for evaluating structured security program frameworks
How many readers implemented a new security plan for 2006 or 2007? How many had clients that implemented a new security program? Which frameworks were involved?
Possible frameworks (Criteria)

No structured security program, or one based around a single vendor or regulation
Mike Rothman’s Pragmatic CSO (P-CSO)
Gunnar Peterson’s […]

Full-disclosure debate gone mainstream (v. terrorism)

Today I came across a news article in reply to a question asked by Steven D. Levitt, “If you were a terrorist, how would you attack?” The blog posting has struck controversy among many people, and it just reminds me of all the full-disclosure debates we have had in the security industry. Does spelling out […]

All That!

Every time I have a conversation with someone who has diarrhea of the mouth, it makes me nauseous. The other day, I was flying from Atlanta to Hartford (my flight was delayed by an hour) and while in the plane waiting, I struck up a conversation with a BPM/O software sales engineer and some Windows […]

What is my favorite movie?!!

I asked a colleague once how to answer those silly questions, you know, the ones banks and other sites like to use to reset passwords? They’re used to verify you are who you say you “were.” Well, my bank at the start of the year had introduced some security enhancements to their site and also […]

Weaponizing Noam Chomsky

I wanted to ask Dan Kaminsky, who btw is a brilliant presenter (more below), about doing grammar and writing style analysis to determine who wrote a paper. I can see the techniques as potentially having forensic uses. Don’t ask me what his talk was about, I would not be able to recall any useful details. […]