Governance and Regulation
Cigital Participates in White House Discussion on the Progress of the President’s Cybersecurity Efforts
On Wednesday July 14, 2010, US Cyber Security Coordinator Howard Schmidt convened a hastily called meeting of around 100 public and private sector security experts at the White House to explain the progress he has made in the six months since he joined the administration. I was there. In an unexpected and exciting surprise, President [...]
Is Digital Evidence the Forcing Function After Compliance?
My Saturday US Mail delivery (so sad if it goes the way of the dodo bird) arrived with several notifications of class action lawsuits for companies in which I’ve held equity positions. As I walked back from the mailbox, I had the thought: HIPAA and PCI protect the consumer, but who/what is protecting the business [...]
Howard Schmidt Cybersecurity Czar
Our sincere congratulations to Howard Schmidt for taking on one of the most important jobs in computer security—US Cybersecurity Coordinator for the White House. Howard knows what he’s getting into, because he already did it once. (You’re crazy Howard!) Here’s what the White House has to say. Back in July I talked about what I [...]
Security Guidance and its “Specificity Knob”
While speaking at a conference out west an interested attendee challenged me: “You said I should make my security standards as specific as possible, but the other speaker said, ‘Keep them general’, what gives?” This type of exchange happens all too often in the software security space these days. I could do a piece on [...]
Duck, Duck, Goose
I’d like to give a slightly different perspective on a topic John Steven talked about a few weeks ago (“Keeping up with the Jones’ Security Initiatives”). Be a goose; don’t spend “10%” just because it’s a popular number. I spent the first four years of my career, in the early 1980s, in the Air Force. [...]
Feng Shui Governance
(with apologies for complete lack of artistic merit) feng shui governance plan, influence, and conduct policy for all from boardroom to bits everyone get on board a single train forward a balanced approach harmonious existence with stakeholders all set tone at the top the key of transparency all must understand solving all problems a terrible [...]
An apology to our friends and colleagues
Cigital is in the business of making software secure, often by telling our clients precisely how and why their software is not secure. There are an almost infinite number of ways to be vulnerable so it should be no surprise that we rarely find the perfect system. I’m tempted to say never, but I’d have [...]
Darn the SOX, We Need More Security Ahead
The PCAOB is introducing new guidance to help lower the overall cost and, presumably, increase the effectiveness of SOX 404 audits. It needs to use this opportunity to help fix some root causes, not just tell us how to find more symptoms. This past December, the PCAOB announced that it would propose for public comment [...]