Message in a PCI bottle - preserving message queue integrity
Final part in the series on achieving PCI compliance when dealing with message queues.
Ben Rothke | 28 Jun | Read more
Stories by Ben Rothke
Without information security processes, you are flying blind
The aim of the Security Analogies Project is to help spread the message of information security and its importance in the modern world.
Ben Rothke | 05 Apr | Read more
Don’t use general recruiters in salary negotiations
In part 1, I addressed why firms struggle to find quality information security staff. In this segment, I’ll discuss how recruitment can help or hinder that, and get insights from noted information security recruiter Tracy Lenzner.
Ben Rothke | 09 Nov | Read more
Application security needs to be shored up now
In this first of a three-part series, we will explore the connection between PCI and application security. Parts 2 and 3 will detail how to ensure PCI compliance for all things application security.
Ben Rothke | 24 Aug | Read more
The CSA is the new VIP of information security
In the piece I wrote in December ("What the Sony breach means for security in 2015"), I noted that while a good CISO is important; great security architects are critical. While a CISO may get the glory; security architects are what most organizations need.
Ben Rothke | 10 Jul | Read more
Do CISSPs make good life insurance agents?
In January, I updated my profile on a popular job board. While the information security space is quite hot and my inbox was quite busy, I also got a number of emails from left field. Over the course of a few weeks, I also received over 25 emails from some of the most prominent life insurance firms in the US, including:
Ben Rothke | 02 Jun | Read more
How to get CVSS right
For anyone dealing with software vulnerabilities, the CVE and CVSS are often their first stops in finding out the scope and details, and just about everything else they need to know about the specific vulnerability.
Ben Rothke | 16 Apr | Read more
What does the collaborative economy mean for information security?
Most employers allow their staff reasonable use of office products such as telephones, copy machines, coffee and the like. For the most part, employees won't be using the copy machines to compete with Kinko's or a company car to compete with black car limousine services. Well, at least not until now.
Ben Rothke | 10 Mar | Read more
It's time for a National Cybersecurity Safety Board (NCSB)
In his book The Psychological Edge: Strategies For Everyday Living, clinical psychologist Dr. Samuel Shein writes that while we have a National Transportation Safety Board (NTSB), there is no National Psychological Research Board (NPRB). A group like the NPRB could investigate national disasters caused by those with psychological issues.
Ben Rothke | 20 Feb | Read more
What the Sony breach means for security in 2015
The recent (and perhaps ongoing) Sony breach was certainly one of the worst corporate data breaches we have seen to date. As 2014 draws to a close, no one knows the details with certainty of who the perpetrator was. Even so, it's undeniable that it's a breach that will forever change the way Sony does business.
Ben Rothke | 24 Dec | Read more
Where did that data come from? And do you want fries with it?
He uses statistics as a drunken man uses lamp-posts -- for support rather than illumination -- Andrew Lang (1844-1912)
Ben Rothke | 04 Nov | Read more
Money transfers, creative scammers, and fraud
In Fitness for Geeks: Real Science, Great Nutrition, and Good Health, author Bruce Perry writes of Tabata sprints, an ultra-intense exercise that has dramatic benefits. But however effective they may be, even Izumi Tabata himself felt that given their difficulty, only the most serious athletes would use them.
Ben Rothke | 12 Jul | Read more
Why Information Must Be Destroyed, Part Two
In the first installment of Why Information Must Be Destroyed I discussed how not discarding worthless hard copy documents, even though they appear to have no value is a security risk. While this is true for physical hard copies, it is even more relevant for digitally stored data.
Ben Rothke | 07 May | Read more
Why Information Must Be Destroyed
The inability to discard worthless items even though they appear to have no value is known as compulsive hoarding syndrome. Ben Rothke explains why it's a bad habit in the world of IT security.
Ben Rothke | 25 Feb | Read more