Friday, June 26, 2009

What went wrong?











Another day, another breach notice in the mail. This one to my wife yesterday.

What I want to know is:
  • What merchant breached the data?
  • How many other cards were breached?
  • How long after the breached was this detected?
  • How was this detected?
  • How long before the lapse that allowed this breach is fixed?

What are the odds that calling the 1-800 number will give us these answers?

Posted by at No comments:

Tuesday, June 16, 2009

IT Infrastructure Threat Modeling Guide.

Russ Mcree (now at Microsoft) has just released the official 1.0 version of the IT Infrastructure Threat Modeling Guide.

I contributed a teeny tiny little bit of reviewage to this when it was in beta, and I have to say, it looked real good. A nice first jab at the problem of looking at whole of your infrastructure risk-wise. At the time, I was already using a similar model at work, but I'm definitely going to be adding this model to the mix.

It's worth a read.

PS: Russ is a great guy and totally open to feedback. If you've got something intelligent and useful to say about the model, please do speak up.
Posted by at 1 comment:
Subscribe to: Posts (Atom)