Why you should be reading privacy statements before using a web site

If you are like most people, you don't read privacy statements. They are boring, often generic, and seem to be written to protect businesses from lawsuits rather than to inform customers about how the business protects their privacy. Still, when you know what to look for, they help you make up your mind about "is it OK to … Continue reading Why you should be reading privacy statements before using a web site

Does cyber insurance make sense?

Insurance relies on pooled risk: when a business is exposed to a risk it feels it cannot manage with internal controls, the risk can be transferred to the capital markets through an insurance contract. For events that are unlikely to hit a very large number of insurance customers at once, this model makes sense. The … Continue reading Does cyber insurance make sense?

What is your “vital object” when planning security measures?

Physical security and cybersecurity defense have many similarities, such as defense in depth, intelligent adversaries, the need for awareness, and the structure of response activities. There is one thing, however, that is taught to everyone responsible for providing physical security: your main focus is to protect the "vital objects". These can be a power substation, … Continue reading What is your “vital object” when planning security measures?

Handling suppliers with low security awareness

Supply chain risk in cyberspace: cyber supply chain risk is a difficult area to manage. According to NIST, 80% of all breaches originate in the supply chain, meaning that managing this risk should be a definite priority for any security-conscious organization. That number was given in a presentation by Jon … Continue reading Handling suppliers with low security awareness

Why “secure iframes” on http sites are bad for security

Earlier this year it was reported that half of the web is now served over HTTPS (Wired.com). Still, quite a number of sites try to keep the main page on plain http and serve only the sensitive parts, such as forms, through embedded elements. There are two approaches to this: a form embedded in an iframe served over … Continue reading Why “secure iframes” on http sites are bad for security
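The core problem with an HTTPS iframe on an http page is that the browser's padlock describes only the top-level document, and anyone on the network path can rewrite a plain-http response, including the iframe's src. The script below is an added illustration, not code from the original post: it simulates that rewrite against a constructed checkout page (the hostnames, the iframe markup and the attacker origin are all made up for the example) and shows why the embedded form is only as trustworthy as the page that embeds it.

```javascript
// Added example (not from the original post): a simulated on-path attacker
// rewriting an http-served page that embeds its form in an HTTPS iframe.
// All HTML, hostnames and origins below are constructed for this illustration.

// Constructed HTML of a page served over plain http, embedding a "secure" iframe.
const PAGE_HTML = `<!doctype html>
<html><body>
<h1>Checkout</h1>
<iframe id="pay" src="https://payments.example.com/form?order=42"></iframe>
</body></html>`;

// What an on-path attacker can do to any response delivered over plain http:
// rewrite the iframe target so the "secure" form now comes from the attacker.
// The attacker's own site can be served over valid HTTPS for its own domain,
// so the frame itself still shows no transport error.
function tamperWithHttpResponse(html, attackerOrigin) {
  return html.replace(
    /(<iframe\b[^>]*\bsrc=")https:\/\/[^/"]+/gi,
    `$1${attackerOrigin}`
  );
}

// Extract the iframe sources a browser would load from a given document.
function iframeSources(html) {
  const out = [];
  const re = /<iframe\b[^>]*\bsrc="([^"]+)"/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// The padlock a user sees describes only the top-level document. TLS on the
// frame alone proves nothing if the parent that chose the frame's src can be
// rewritten in transit, so both must be HTTPS before the form is trustworthy.
function embeddedFormIsTrustworthy(topLevelUrl, frameSrc) {
  const top = new URL(topLevelUrl);
  const frame = new URL(frameSrc);
  return top.protocol === 'https:' && frame.protocol === 'https:';
}

function demo() {
  const tampered = tamperWithHttpResponse(PAGE_HTML, 'https://payments-example.evil');
  const frameSrc = 'https://payments.example.com/form?order=42';
  return {
    original: iframeSources(PAGE_HTML),
    tampered: iframeSources(tampered),
    httpParent: embeddedFormIsTrustworthy('http://shop.example.com/checkout', frameSrc),
    httpsParent: embeddedFormIsTrustworthy('https://shop.example.com/checkout', frameSrc),
  };
}

console.log(demo());
```

Run it with node: the tampered document points the iframe at the attacker's origin while the page around it looks unchanged, and the trust check returns false for the http parent even though the frame's own URL is HTTPS. The practical fix is the one the post's title implies: serve the whole page over HTTPS rather than trying to isolate the sensitive part in a frame.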

Trust in business is trust in the security of those you do business with

Without trust in business there would be no growth. When someone grants you credit, they trust that you will honor your duty to pay. When you fork over money for a product, you trust that the product is what marketing says it is, or at least fairly close to that. If this trust were not in … Continue reading Trust in business is trust in the security of those you do business with