Quick link on Secure Coding Best Practices

Came across this article from CERT in the course of my day job; if you think about securing systems at all, it’s worth a look, if only for the instant classic photo (worth 1,000 words, at least!) they have on the page. Check it out when you have a chance; I don’t want to ruin the surprise.

2011 Verizon Cyberattack Report Published

First saw this on Computerworld, but the Verizon 2011 Cyberattack Report is out. One of the big takeaways is that they estimate 97% of the attacks were avoidable without the need for “difficult or expensive countermeasures”. This seems completely plausible to me, especially since the human element is such a large and vulnerable component of an information security strategy, and because it seems that it is often easier for organizations to throw money at a problem and expect it to go away than to spend the time to really analyze the situation and monitor it on a recurring basis. But information security (much like EM) is a process, not a product.

Tough economic times, tough decisions in EM

In the EM class I’m taking, we’ve talked about agenda building and policy in relation to emergency management. A natural but unfortunate part of the process is that as the public’s focus turns elsewhere, programs begin to decline. In emergency management, lack of a particular type of incident tends to undermine focus. In difficult economic times, that decay manifests even more quickly. Cases in point:

All these points have me thinking about the problem from a different angle, and I hope to discuss it further here in the near future.