Threat modelling was the subject of the latest Virtualization Security Podcast (which I am still trying to upload, so time for a new service). Threat modelling is what every security person does, but not necessarily formally. Threat modelling in many ways takes an architecture and looks for well-known threats. One such threat that could come …
TVP Category Archives
In the Midst of a Generational Shift
Information technology is an industry that is known, recognized, and often referred to as the industry of change. That recognition is well deserved, when you think about all the changes that happen within a relatively short amount of time. Physical hardware has refresh cycles of between three and five years.
Companies Leave a Treasure Trove of Data
For the last several years, and really ever since public repositories and storage were first used, API and other confidential data has been leaking. The treasure trove as the start of an attack is now becoming common place (most recently from Accenture, DXC Technology, and now the drone maker DJI). The treasure troves are either …
Privacy: It Is Such a Personal Thing, Part 2
In my first post in this series, I posited that there is an implicit assumption that every individual has the right to data privacy and that privacy has on the whole been codified into law in may first-world countries, with the exception of the United States. In this second post in this series, I will begin …
Continue reading “Privacy: It Is Such a Personal Thing, Part 2”
Unplanned Obsolescence – Digital Lifespan
Recently, the xkcd comic (https://xkcd.com/1909/) mentioned digital lifespan with a pithy comment about digital resources disappearing quickly. This is quite prevalent in the project to restore NASA records from Apollo missions, such as LOIRP. NASA participated in unplanned obsolescence as well as misunderstanding the value of its data. It picked data formats that were not …
Continue reading “Unplanned Obsolescence – Digital Lifespan”
Process, People, Ptechnology, and Politics
The four Ps of security, DevOps, Agile Cloud Development, and cloud migration are Process, People, Ptechnology, and Politics. In that order. The Ptechnology piece is by far the easiest piece, though it is often considered to be critical. Without Process and People, at this time, technology is just a bunch of 1s and 0s. Unfortunately, …
Continue reading “Process, People, Ptechnology, and Politics”