EMC and Network Intelligence

Posted in LMI and SIEM

Earlier we mentioned that EMC is buying Network Intelligence, well, there’s a bunch of analyst/editor comments out now. EMC and Network Intelligence: What it Means. In the last few months, Novell bought e-Security and IBM got GuardedNet through its acquisition of Micromuse. Cisco grabbed Protego about a year ago and rumor has it that Oracle [...]

September 21st, 2006 | Jian Zhen | No Comments

5 Easy Ways to be a Better Developer :)

Posted in General Technologies

Read this post on 5 Easy Ways to be a Better Developer today. Agree with most of what it says. Though I wouldn’t call these “easy ways.” None of them is easy unless you are willing to spend time working on them. My comments on the points… 1) Learn Ruby and Ruby on Rails. So [...]

September 17th, 2006 | Jian Zhen | No Comments

EMC rumored to buy Network Intelligence

Posted in LMI and SIEM

Rumor has it that EMC is buying the SIEM vendor Network Intelligence for between $150 and $175 million. NI’s revenue is said to be around $20 to $25 mil. That’s 7x revenue, which is not bad at all. [Update: Announcement was made today on the NI acquisition by EMC. Interesting how the NI story is [...]

September 15th, 2006 | Jian Zhen | 1 Comment

The Big Picture: ITIL as an Integrated Framework

Have been reading quite a bit of stuff on the various best practices and frameworks such as COBIT, PCI, ISO17799, ISO20000 and ITIL. I think one of the best descriptions of COBIT vs ISO vs ITIL is the article The Big Picture: ITIL as an Integrated Framework written by Kevin LeBlanc: All these frameworks can [...]

September 12th, 2006 | Jian Zhen | No Comments

PCI DSS 1.1 released

So a few days ago, 9/7/06 to be exact, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International jointly announced the formation of an independent council, called PCI Security Standards Council, designed to manage the ongoing evolution of the Payment Card Industry (PCI) Data Security Standard. As its first order of business, the [...]

September 11th, 2006 | Jian Zhen | 1 Comment

Windows events links

Posted in LMI and SIEM

Some links I’ve collected, nowhere near comprehensive but they have served me well. Eric Fitzgerald’s Windows Security Logging and Other Esoterica – Always a great blog to get all kinds of good info on Windows events. Eric’s a Program Manager for Windows Core Security. He’s pretty active on the loganalysis list as well and always [...]

September 10th, 2006 | Jian Zhen | No Comments

Re: Log integrity handling on central logsystem

There’s a very interesting thread being discussed on the log-analysis list. The topic is on “Log integrity handling on central logsystem.” I think the general consensus is that log signing ALONE is not going to be enough, and that signing just the filtered log is also not enough. Very interesting read. Should definitely check it [...]

September 1st, 2006 | Jian Zhen | 2 Comments

2006 CSI/FBI Computer Crime and Security Survey

Finally got a chance to read the 2006 CSI/FBI Computer Crime and Security Survey. It’s definitely worth scanning through. There are some interesting findings: Regulatory compliance related to information security is among the most critical security issues customers face. Virus attacks continue to be the source of the greatest financial losses. ($15.7 mil) Unauthorized access [...]

September 1st, 2006 | Jian Zhen | No Comments

I am alive

Posted in General Technologies

Hey all, I am back and I am alive. Well, back is probably not the right word since I’ve never left. But I have been really busy with a newborn for the past several months. Between anZel and work, I have just not had any time to write or even read. But now I [...]

September 1st, 2006 | Jian Zhen | No Comments

SLA 104: Choosing the service hardware

Posted in General Technologies

Another article from my SLA series… In this installment of a series on understanding service-level agreements, I’ll look at what you need to consider when choosing the hardware used to provide the services. Service providers offer various hardware options depending on the nature of the security service for which users sign up. Some services will [...]

May 4th, 2006 | Jian Zhen | No Comments