#security on software development security and web security, security best practices and discussions, break-ins and countermeasures. Everything you ever wanted to know about software security but were afraid to ask, for fear of not understanding the answer!

Management

Position yourself on Security Maturity Grid

I wrote up the Security Maturity Grid the way quality management is usually presented. The grid is a simple 5 x 6 matrix that shows different stages of maturity of the company’s security management against six different security management categories (management understanding of security, problem handling, cost of security, etc). The lowest stage of maturity ...

CAST Workshop “Secure Software Development”

We are organizing the workshop on “Secure Software Development” for the third year in a row. As usual, the workshop is in Darmstadt and the logistics are handled by CAST e.V. The date for the workshop is 12 November. This year most presentations seem to be in German, so probably it does ...

The human factor: philosophy and engineering

The ancient Greeks had a concept of “aretê” (/ˈærətiː/) that is usually loosely translated to English as “quality”, “excellence”, or “virtue”. It was all that and more: the term meant the ultimate and harmonious fulfillment of task, purpose, function, or even the whole life. Living up to this concept was the highest achievement one could ...

Workshop on Agile Development of Secure Software (ASSD’15)

Call for Papers: First International Workshop on Agile Development of Secure Software (ASSD’15) in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES’15), August 24-28, 2015, Université Paul Sabatier, Toulouse, France
Submission Deadline: April 15, 2015
Workshop website: http://www.ares-conference.eu/conference/workshops/assd-2015/
Scope: Most organizations use the agile software development methods, such as Scrum and ...

Sony 2014 network breach, the most interesting question remains unanswered

The November 2014 security breach at Sony Corporation remained the subject of conversation through the end of the year. Many interesting details have become known, while even more remain hidden. Most claims and discussions only serve to create noise and diversion, though. Take the recent discussion of the antivirus software, for example. Sony Corporation ...

ENISA published new guidelines on cryptography

The European Union Agency for Network and Information Security (ENISA) has published the cryptographic guidelines “Algorithms, key size and parameters” 2014 as an update to the 2013 report. This year, the report has been extended to include a section on hardware and software side-channels, random number generation, and key life cycle management. The part of the ...

Visualization of world’s largest data breaches

I stumbled upon a very interesting infographic that portrays some of the world’s biggest data breaches in a running bubble diagram. Entertaining and potentially useful in presentations. Have a look.

Three roads to product security

I mentioned previously that there are three ways to secure a product from the point of view of a product manufacturing company. Here is a slightly more detailed explanation. This is my personal approach to classifying product security and you do not have to stick to it, but I find it useful when creating or ...

Secure the future – have a change of mind!

The future of the enterprise can be secured provided that it is properly organized and operated with full understanding of its economics. The current concentration on “profit here and now” is extremely harmful to the survival of the economy of the world as a whole and every given enterprise in particular. Why is that? There ...

Cheap security in real life?

Security concerns are on the rise, and companies are beginning to worry about the software they use. I have again received a question that bears answering for all the people and all the companies out there, because this is a situation that happens often nowadays. So here is my answer to the question that can be formulated ...