Blog: SANS Security Trend Line

Twelve Word Tuesday: Looking for Security Tea Leaves in New Microsoft CEO's "Bold Ambition & Our Core" Missive

Satya Nadella's letter to employees mentions cloud 7x more often than security.

Microsoft CEO letter here

Twelve Word Tuesday: It Hurts When They Do That, Get Them to Not Do That

Continuous vulnerability avoidance much more profitable than continuous monitoring/mitigation/incident response.

Twelve Word Tuesday: Verizon 2014 DBIR Critical Security Controls Incident Prevention Heat Map

Vertical: Hotels need basic hygiene

Horizontal: Patching and securing remote access dominate

Darker shading means more likely to have prevented incident.

Figure 70 from 2014 Verizon Data Breach Investigation Report

A Conversation Around Supply Chain Integrity - Is There Any Real Way to Trust Products?

Bill Murray and I recently had a fun interchange on the topic of supply chain security and he's agreed to let me reproduce it here.

The starting point was a comment I made in SANS Newsbites on this news item:

[[60]] China Vetting Networking Gear

(May 22, 2014)

After the US Justice Department indicted five members of China's People's Liberation Army (PLA) for espionage, China has begun imposing inspection requirements for networking gear sold there. The US imposed similar restrictions on Chinese-made gear in 2012, essentially removing Chinese network equipment suppliers Huawei and ZTE from the US market.


Pescatore - I said last week "It's official, we are now in a Cyber Cold War"


Twelve Word Tuesday: 25 Years After the End of the Last Cold War: Lessons Learned for a Cyber Version

Mutually Assured Destruction proved best defense tipped the balance - least vulnerable wins.