tag:blogger.com,1999:blog-130507742024-09-22T19:57:15.176ZSchiebel-isms<A HREF="http://en.wikipedia.org/wiki/Isms">The English suffix -ism was first used to form a noun of action from a verb, as in baptism, from baptein, a Greek word meaning "to dip". Its usage was later extended to signify systems of belief.</A>Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.comBlogger17125tag:blogger.com,1999:blog-13050774.post-27288934445519284172007-11-20T16:38:00.000Z2007-11-21T01:24:02.324ZHow do you measure security?A perennial type of question that comes up is how to know if you are secure or measure your security. I have spent some time answering the question here, here, here, here, here, and here. As you can tell by the multiple ways of asking the same question and the huge differences in opinion expressed in people’s answers, the one underlying trend is that Information Security, as a Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-48399708032995985332007-11-19T13:35:00.000Z2007-11-19T14:03:04.705ZHow do you feel Mr. IDS ?I recently answered this question where the person wanted to get people's opinion on Gartner’s take on Intrusion Detection Systems (IDS).Gartner says that intrusion detection systems are a costly and ineffective investment that does not add an additional layer of security as promised by vendors. The company recommends that enterprises redirect their security expenditures to firewall vendorsMichael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-2244343483150262772007-11-17T13:29:00.001Z2007-11-17T13:29:58.091ZClose Source or Open Source?This is my answer to this question. Open source is definitely a factor to consider as part of a comprehensive needs assessment. What are you/your client attempting to achieve? What does their environment already contain? What impact from a user/maintenance standpoint? Is there in house expertise to support it? Does the product meet all the business requirements? What are the support costs?Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-15172023632620568802007-11-16T03:35:00.000Z2007-11-16T03:40:28.708ZDefining INFOSECThe below excerpt if from this LinkedIn question. I was attempting to point out that we already had the tools and methods we needed to do our jobs if we only took the time to realize what our jobs actually were.
I love the saying "There is nothing new in the world, just different perspectives." INFOSEC is no different. We are grappling with the age old impact of human nature at it's worst. GreedMichael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-5858184832326251022007-11-15T22:49:00.000Z2007-11-15T23:01:58.315ZHow should best practices be developed, who should be involved, and how are they shared in a manner that will make them most credible?My answer to the question was long and rambling.
Your question assumes that these decisions are best made using a top down organization where certain select few experts decide what should and shouldn't be. I am not going to debate that point; I just want to highlight a hidden assumption and offer a different way.
Humans as a species work from a bottom up thought process. We, as social animals, Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-65491397643868973322007-11-15T22:36:00.000Z2007-11-15T22:40:24.201ZBlog restartWell, after a long absence I plan on restarting this blog. For those of you not using LinkedIn, I have been spending my energy answering people's security questions in their forums. I plan on taking some of the questions and my answers that I found interesting and reposting them here. Stay tuned.Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-1153222903594546572006-07-18T11:37:00.000Z2006-07-18T11:44:04.996ZYou can't fix stupidWhat a great line.
I was watching Comedy Central the other night and heard
Ron White utter those perfect words "You can't fix stupid." In one line he
summed up why I can spend the rest of my life working in Information Security.The truth is no matter how smart we think we are we make mistakes. Big ones,
small ones, can't believe you had the gall ones. The problem is the people you
have trusted Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-1149007820687044762006-05-30T16:22:00.000Z2006-08-02T17:12:31.610ZThe Monoculture MythPeople build models to understand the world.We sort our world into neat categories to aid in our understanding and decision making. Us vs. Them, Dark vs. Light, Good vs. Bad; used to help us make snap decisions in a hostile world. It is understanding that each of us carry around these mental models that we use to understand and navigate the world that is key; we respond to the world based on Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-1147282999106341482006-05-10T17:28:00.000Z2006-05-10T17:54:48.326ZSecure at any price?I was doing my daily scan of Slashdot this morning when I came across the following article - The Failure of Information Security written by Noam Eppel. Embedded within all that doom and gloom is the following premise - security professionals have failed because our computers and networks are still not “secure.” Noam Eppel has shown us all exactly what is wrong our profession – Noam believes Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-1134590659256462832005-12-14T19:40:00.000Z2005-12-15T17:46:43.820ZForensic analysis of Microsoft HotmailI was talking with a friend the other day about how malware uses email to hack into computers. What’s malware? Read my previous article: Adware and Spyware – are they really consensual? Anyway, my friend responds back that he uses Hotmail to protect his identity and to avoid malware. Instead of getting into Internet Explorer or Microsoft bashing, I instead chose to focus on his comment of Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com2tag:blogger.com,1999:blog-13050774.post-1134404094747613722005-12-12T16:01:00.000Z2005-12-12T16:25:07.586ZForensic analysis of Microsoft Word documentsMicrosoft Word documents are stored in a proprietary binary file format that records additional information, known as metadata, beyond just the text of the document in it. Some of the information contained in the documents that you create and distribute may be embarrassing or private in nature and has shown up in several news stories much to the sources embarrassment. A forensic analysis of Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com1tag:blogger.com,1999:blog-13050774.post-1132330746672076582005-11-28T15:30:00.000Z2005-12-09T20:13:10.553ZSecurity through obscurityProtecting your identity online using anonymityIt seems like every week the newspapers are filled with horror stories of people’s identities being stolen, of millions of credit card numbers being stolen, of lives being ruined. People have been buying and selling goods and services literally since the dawn of humankind; so what has changed to cause this sudden massive increase in fraud? How are Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-1131992391517065722005-11-14T18:18:00.000Z2005-12-13T20:32:14.016ZMicrosoft Encrypted File System - Digital Forensic AnalysisOverviewMicrosoft has provided its customers with the ability to protect their sensitive files using its Encrypting File System (EFS). EFS allows for the transparent encryption and decryption of sensitive files and is billed as a solution to protect documents in the event of the physical compromise of a computer. This article will show that it is possible to forensically recover documents Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-1119451398027940412005-06-22T13:19:00.000Z2005-06-22T17:17:48.076ZTrust no one.Let's play the finger pointing gameUnless you have been living under a rock for the last few years you’ve probably heard about “Identity Theft” and all the major security breaches of sensitive information. No really good story can exist without your duly elected representatives, the media, and unpaid pundits including yours truly from expressing their biased and largely uneducated opinion on whoMichael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-1118092265038998642005-06-06T20:50:00.000Z2005-06-06T21:18:02.996ZWhat is a good password?Welcome to the 21st century where the average person has to remember more passwords than family member birthdays. Stop right now and think about just how many passwords you use on a daily basis:
ATM pin(s)
Credit card pin(s)
Work computer(s)
Home Computer(s)
Email account(s)
Online banking account(s)
Online shopping store account(s)
The list just keeps growing. In the 21st Century we are what Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-1117208405401825752005-05-27T15:29:00.000Z2005-05-31T16:49:48.876ZAdware and Spyware - are they really consensual?What is this Adware and Spyware stuff anyway?Adware and Spyware are a class of Malware that some will argue is legal due to the user accepting an end user licensing agreement (EULA.) The basic excuse is that the end user downloaded this really cool game/screensaver/program for free and accepts that the program or another bundled program will make money off the end user in some way. In short, theMichael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0tag:blogger.com,1999:blog-13050774.post-1116946105946246042005-05-24T14:46:00.000Z2005-06-01T16:14:40.786ZThe word on Information SecurityWord gamesListed below are two sentences. Read each sentence in turn, close your eyes, and imagine the scene described:An elderly gentleman waiting patiently.An old geezer slouching in the corner.How different were your mental images?Were they of the same individual?Who would you want to meet?It is well known that the words we use have a noticeable effect on how we think and behave. This is Michael Schiebelhttp://www.blogger.com/profile/03864870289477883863noreply@blogger.com0