Tag Archives: security policy
Not many people realize that IBM i lets you define your own ad-hoc or application-defined special authorities. That’s not real surprising considering that neither the name of the mechanism nor the documentation says anything about special authorities.
Hey everyone! Starting this month I’m going to be writing a monthly article for IBM Systems Magazine’s EXTRA online newsletter. Check out the March installment — Howdy, Partner! The Role of Application Developers in IT Security — for a look …
I recently read an article called The Enemies of Data Security: Convenience and Collaboration, posted by Carl S. Young on the Harvard Business Review website. My experience with academic papers on information security is that most of them don’t deal …
It’s a simple fact. Good security doesn’t just happen. You need to have a very specific set of knowledge to effectively secure your information assets. The knowledge you need falls into five discrete categories: policies, data, people, systems, and events.
CAUTION: RANT ALERT On Wednesday, November 19, Admiral Michael Walters, the head of the NSA, made a very disturbing announcement. He said that China and one or two other countries have the capability to launch a cyber attack that could …
Whenever I see a web site or hear a commercial touting how my personal information is secure because “we use encryption,” I just have to chuckle. I guarantee you that Target did — and does — encrypt your personal information …
From the title you might be thinking that the theme of this article is something like “information security is war.” But that’s not it.
OR….. How Jobs Get Authority to Objects Words have consequences. Saying things like “we’re going to tighten security” or “we’re going to remove public (or default) authority” or “we’re going to remove direct access to data” will almost invariably lead …
A while ago I ran across this white paper from KPMG Netherlands: The five most common cyber security mistakes: Management’s perspective on cyber security. As I was reading it I found myself making my own list. My list is called “5 …
“Former Hostgator employee arrested, charged with rooting 2,700 servers” was the headline of an April 19, 2013 article published by the Ars Technica website. Rooting refers to providing the attacker a way to gain superuser access on a computer system. Doing …