An audit framework for evaluating structured security program frameworks
How many readers implemented a new security plan for 2006 or 2007? How many had clients that implemented a new security program? Which frameworks were involved?
Possible frameworks (Criteria)

No structured security program, or one based around a single vendor or regulation
Mike Rothman’s Pragmatic CSO (P-CSO)
Gunnar Peterson’s […]

A lot of commotion has recently been stirred up around California Governer’s, Arnold Schwarzennegar’s recent vetoing of a bill (AB 779) that would strictly mandate all merchants to comply with. Many have scoffed at the Governer’s “caving to lobbyists and members of the retail industry.” You know what?? I actually agree with the Governer’s vetoing […]

Today I came across a news article in reply to a question asked by Steven D. Levitt, “If you were a terrorist, how would you attack?” The blog posting has struck controversy among many people, and it just reminds me of all the full-disclosure debates we have had in the security industry. Does spelling out […]

Recently, we’ve heard a lot of talk about P2P apps and data leakage concerning various members of Congress. It started with this article over at NetworkWorld, followed up by the guys at nCircle, directing criticism towards Congree from Techdirt, comments from LonerVamp, and lately a rambling from Alan Shimel on how NAC will solve the […]

I saw this on Slashdot last week, an article regarding “Getting the best deals from Dell.” One bullet point really stuck out, about financing offers:
9. DPA/Dell Preferred - This is the Dell credit card, like a Sears, Macy’s or Radio Shack credit card. Typically a high rate, low limit card. The […]