information security management is almost similar to every other thing that is Subject to Management, or requires management, and I am not going to explain why we need a management function in a system to make sure system is running and functioning as expected, at least not in this article. by similarity, I mean there… Continue reading what is information security management?
Author: Kaveh Mofidi
While he enjoys working with computers and dealing with information security, he believes that our challenges, as humans, extend far beyond infosec and even technology. He says: "The real task is to discover solutions for unlimited clean energy, drinkable water, and addressing the root causes of hunger, war, and injustice. Our primary goal should be to keep our planet livable; that is the true challenge we face on the Earth!"
having something vs doing something
There is a difference between knowing the path and walking the path, right? just because I have something, does not mean I know something, or I do something. just because there are technologies, software or tools for a thing, let’s say GDPR compliance metrics, patch management, ITIL platforms, vulnerability scanning, application security testing…and so on,… Continue reading having something vs doing something
are you surprised by SolarWinds hack?
it is really funny when they call it one of the most sophisticated hacks in history and stuff like that, because it is actually one the most stupid hacks of all the times. nothing is really surprising about Solarigate or whatever they call it to me except how those companies that forever they have been… Continue reading are you surprised by SolarWinds hack?
SolarWinds hack: what just happened?
Solarigate, Sunbusrt, UNC2452 or whatever they call it, how even fireEye, SolarWinds, Crowdstrike and many other involved are able to sell and survive after this disaster, and how security community is able to trust them again? it is interesting that how these top security companies with lots of managed service and bunch of products in… Continue reading SolarWinds hack: what just happened?
human firewall
no doubt that users are the main problem in the whole concept of cyber defense, as we call it weakest link. Now, Awareness and Training as security community typically has been doing is neither effective nor actually deliverable. Imagine we would want to continue law enforcement and public awareness by means of “Most Wanted” posted… Continue reading human firewall
say The Word and you will be Secure:”wishes don’t wash dishes”
“Talk doesn’t cook rice.” Ancient Chinese Proverb There is a saying in Persian…you won’t taste sweetness in your mouth just by say Sweet, Sweet, Sweet…but it looks like industry believe we can be Secure just by saying Secure, Security, Sec… just by putting a Sec in front or end of a product, service, name, process,… Continue reading say The Word and you will be Secure:”wishes don’t wash dishes”
is Security inconvenient?
we presume Security is always equal inconvenient, either form consumer point of view, or developer. as a consumer you have to remember passwords and configure stuff, and as a developer to need to make sure you put controls around authentication process and how passwords are being used. I agree that is inconvenient but are we… Continue reading is Security inconvenient?
Attacks are not advanced, we are naive!
cyber attacks that you hear about them in news these days are not advanced at all, this is security community acting so naive and blind, knowingly and unknowingly which then implies into thinking that attacks are sophisticated. in mature industries like agriculture, professionals study their enemies and for centuries they have been able to defeat… Continue reading Attacks are not advanced, we are naive!
Software is the root cause of all insecurities
Software is the core of any computerized system and it is the most effective way of introducing insecurities to cyberspace with all its entities. eliminate fancy tools like synthesizer if you want your child be a musician. root cause of all security vulnerabilities (mainly) resides with the software, the foundation of all computer systems, where… Continue reading Software is the root cause of all insecurities
Security and Quality
Security is a matter of usability and one of elements of quality of a system. ain’t it literally a matter of “safety”? how come Quality does care about a defect related to safety of a user in physical world but not the virtual world? security bug is named differently: security vulnerability, but ain’t just a… Continue reading Security and Quality