Iang’s posts are, as a rule, really thought provoking, and his latest series is no exception. In his most recent post, How many rotten apples will spoil the barrel, he asks: So we are somewhere in-between the extremes. Some good, some bad. The question then further develops into whether the ones that are good are…Read More Do Audit Failures Mean That Audit Fails In General?
aka it’s not nearly as funny when you are the subject of the probe. At a recent conference Justice Scalia said “”Every single datum about my life is private? That’s silly,” Well, a professor at Fordham University decided to take Mr Scalia at his word, and had one of his classes collect a dossier on…Read More Scalia: Just Because You Can Doesn't Mean You Should
If you can read this, you are now reading Emergent Chaos on its new server. We’ve also upgraded to the 4.x train of MovableType. Let us know what you think. We’re also considering a site redesign, so let us know any feature requests or design suggestions. Thanks!Read More Welcome To The (New) Machine
(h/t to Concurring Opinions) The Daily Show With Jon StewartM – Th 11p / 10c Bill O’Reilly’s Right to Privacy Daily Show Full EpisodesImportant Things With Demetri Martin Funny Political NewsJoke of the DayRead More Daily Show on Privacy
Iang recently indicted the entire audit industry with “Two Scary Words: Sarbanes-Oxley”. I’ve excerpted several chunks below: Let’s check the record: did any audit since Sarbanes-Oxley pick up any of the problems seen in the last 18 months to do with the financial crisis? No. Not one, not even a single one! Yet, the basic…Read More Why Didn't SOX Catch The Bank Failures?
Now it’s no secret to those of you who know me that I’m a big believer in using risk management in the security space. Iang over at Financial Cryptography think’s it is “a dead duck”: The only business that does risk management as a core or essence is banking and insurance (and, banking is debatable…Read More Rethinking Risk
As long as I have been lecturing on security I have used the “Threat Hierarchy” that lists threats in ascending order of seriousness. It goes like this: 1. Exploratory hacking 2. Vandalism 3. Hactivism 4. Cyber crime 5. Information Warfare It turns out that this hierarchy is also a predictive time line. Obviously we are…Read More Information Warfare
The frequent loss of laptops and data disks by outside auditors in recent months has caused me to think about best practices for controlling auditors. The latest case involved the laptop of the auditor for Wellsfargo Bank. The laptop was stolen from the trunk of the auditor’s car and contained confidential information on bank employees.…Read More Compliance for auditors?
OK. Right off I am *not* advocating physical destruction of old recycled cell phones. This post (Mangle those hard drives!) at my primary security blog, ThreatChaos, got a lot of reactions when I suggested that physical destruction of hard drives was the best policy in lieu of a well managed data wiping process. That was…Read More Mangle those cell phones?