- This is probably my favourite read in recent times: Marcus Ranum’s essay on The Anatomy of Security Disasters. I’m not going to dissect it and offer up differing views because, for one, it’s a good post and, secondly, I agree with most of it (Gees, see my next link). In an ideal world… maybe… In the real world, Risk Management methodology “implementations” are quite sad at the best of times. More here. Scroll down to some of the older posts and Ostrich Risk Management – still the most successful Risk Management approach today in IT security.

- Had to laugh at this one from Donal’s Ockham’s Razor. Anything from Life of Brian is good. Hey, he’s not the messiah but we can still use the parables can’t we?

- My favourite PCI DSS commentator (along with Mike), Anton Chuvakin, does an exceptional job as usual – this time covering the US House of Representatives hearing on PCI DSS, which was not so widely reported in Australia. No need to expand more on that.

- Everyone’s on the Twitter bandwagon. Thought this was pretty cool here. Still hard to explain to those not on it. Still wondering myself.

- Had a laugh during the week about industry preciousness. Always funny to see how others judge their own self-importance and what’s cool and what isn’t in our line of work. I reckon get over it. It’s not a rock star or movie star cool type of industry we’re in. So many people taking themselves so seriously in terms of their own importance, relevance and celebrity in a small and very internal-looking industry. That effort and model overall needs to be flipped on its backside, with information flowing out to broader society instead of an eternal mutual self-congratulatory environment. Those guys who are flowing that information out have my respect. Ah, flame on. :)

Have a good Easter break to all of you that celebrate it and make sure you watch Life of Brian at some stage over the weekend since it’s that time of the year.



  1. Ralphy says:

    Don’t worry Draz, I was at a presentation this week where a telecommunications industry leader had that same level of self-importance when talking about the NBN. Maybe it is a technology people failing?