Welcome to the SecAware blog

I spy with my beady eye ...

6 Mar 2013

The bloggings will continue until morale improves

I've just noticed that, according to Blogger, this is my 1,000th piece on the NoticeBored blog since 2005, an average of about 10 a month.  In fact, I published  a few hundred more on the previous blog platform but I've long since forgotten how many, and it doesn't matter much anyway.

Just in case you are the least bit interested, here are the top ten most popular posts according to the minimalist statistics that Blogger gives me:

  1. A distinctly cynical piece about the launch of the Information Security Awareness Forum - a laudable British initiative unfortunately overshadowed by a lack of focus and the competing interests of its commercial sponsors.  I guess the ISAF website is still running but updates are few and far between, while the associated blog's domain has expired.  Such a shame, yet another missed awareness opportunity. 
  2. A short note about a NIST paper Directions in Security Metrics Research (NISTIR 7564).  The paper outlined a bunch of possible avenues for research into security metrics: I wonder if any of them actually took place?  NIST has the smarts to make a real impression on security metrics.  I hope PRAGMATIC Security Metrics will prove to be a useful new direction.
  3. A heads-up about a bunch of credit card numbers being posted on an eBay forum.
  4. An announcement about a new NoticeBored awareness module on information security risk management, complete with diliferate mipsellings.  Interesting that this should be so popular since we are currently preparing an update to the very same module.
  5. A harsh critique of FAIR (Factor Analysis of Information Risk), with a lengthy and spirited rebuttal by Alex Hutton - well worth reading in its entirety.  We may hold different opinions in some respects but we are in violent agreement elsewhere.  Overall, I have a lot of respect for Alex - he knows his stuff.
  6. A little item about incident management plans and processes.  Short and sweet.
  7. News about the hacking of a Xerox multi-function printer thingummy, a plain English summary of the main points from a geeky Black Hat presentation.
  8. A very short note about the costs to fix bugs escalating 200 times if they are discovered after implementation, compared to finding and fixing them much earlier in the software development cycle.  I suspect this item is so popular because the x200 figure is frequently quoted but the original source is obscure and hard to track down.  As I recall, it was shown on a graph in a research paper, in other words an image not readily located using, say, Google. 
  9. Announcing another NoticeBored awareness module on business continuity.  I am disappointed to be one of very few professionals promoting the concept that business continuity is a superset of resilience, recovery and contingency practices.  Even ISO/IEC JTC1/SC27 doesn't get it, judging by the fact that the editor appears to have struck out my rewrite of the business continuity section of the forthcoming update to ISO/IEC 27002, largely reverting to the gibberish from the 2005 version.  If you believe business continuity management is all about recovering information security, knock yourselves out.  I give up.
  10. Another short item about a list of 100 underground hacking/cracking/warez websites, complete with a security warning for anyone foolhardy enough to be browsing indiscriminately.

I'm a little disappointed to have received so few reader comments on the blog, with notable exceptions such as Alex Hutton's response.  Sometimes I wonder if I am just idly talking to myself here, quietly gibbering or muttering away like the nutter on the bus.  Maybe I should become more contentious and outspoken in the next 1,000 bloggings, or just concede defeat and keep this stuff to myself in future ... but Blogger tells me I have more than 2,000 readers per month, the silent majority which keeps me going.  I guess you find some interest and value in my musings, dear reader, and indeed so do I: from time to time, I search my own blog for stuff I have written before, particularly links to useful resources (such as that x200 reference at number 8 above).

To infinity ... and beyond!
