The first few days of 2018 have been busy for security professionals and IT admins. As Ars Technica put it: every modern processor has "unfixable" security flaws. There are fixes - sort of. But they come with a cost: computers will run up to 30% slower because of it, depending on the type of work … Continue reading How the meltdown CPU bug adds 50 million tons of CO2 to the atmosphere
This has really been the year of marketing and doomsday predictions for companies that need to follow the new European privacy regulations. Everyone from lawyers to consultants and numerous experts of every breed is talking about what a big problem it will be for companies to follow the new regulations, and the only remedy would … Continue reading Privacy practice and the GDPR
If you are like most people, you don't read privacy statements. They are boring, often generic, and seem to be created to protect businesses from lawsuits rather than to inform customers about how they protect their privacy. Still, when you know what to look for to make up your mind about "is it OK to … Continue reading Why you should be reading privacy statements before using a web site
Insurance relies on pooled risk; when a business is exposed to a risk it feels is not manageable with internal controls, the risk can be deferred to the capital markets through an insurance contract. For events that are unlikely to hit a very large number of insurance customers at once, this model makes sense. The … Continue reading Does cyber insurance make sense?
How to prepare for and survive a virus epidemic: no crying for WannaCry and Petya. Prepare. Relax. Laugh.
Physical object security and cybersecurity defense have many similarities, such as: Defense in depth Intelligent adversaries The need for awareness Structure of response activities There is one thing, however, that is taught to everyone responsible for providing physical security: you main focus is to protect the "vital objects". These things can be a power substation, … Continue reading What is your “vital object” when planning security measures?