Verizon Publishes its VERIS Community Application


The Verizon RISK team have just published their VERIS community application. Structured on the VERIS (Verizon Enterprise Risk and Incident Sharing) framework, this application is a tool they have made available to extend to anyone the ability to contribute information on data breach incidents, to enrich the already considerable body of breach data Verizon has [...]



By | November 11th, 2010|Scott Crawford|0 Comments

A New Security Paradigm: HCIA


In a recent post, I talked about the security value of IT management disciplines such as configuration and change control. I pointed to evidence we had gathered here at EMA that support the security and IT risk management values of taking a strong approach to defining change management objectives, actually implementing them in practice, monitoring [...]



By | November 10th, 2010|Scott Crawford|0 Comments

Intel-McAfee: First Stroke of Midnight for the IT Security Industry? Or Inflection Point for the Future?


Fortunately for me (I was going to say “unfortunately,” but in retrospect I think it was a Godsend), I was in South America with extremely limited connectivity when the Intel-McAfee story broke. This, however, gave me some time to a) enjoy the spectacular scenery of Rio de Janeiro, and b) formulate my thoughts about this eyebrow-raising deal [...]



By | August 31st, 2010|Scott Crawford|0 Comments

Security: Going Beyond No


What makes our coverage of security at EMA different? Simply this: We do not see security management as something confined to narrow segments of technology, isolated from other aspects of IT or from the people and processes that make up the business. At first blush, this may seem fairly obvious, considering that security is, after [...]



By | August 27th, 2010|Scott Crawford|0 Comments
Load More Posts