What we’re reading, week of 9/8

Posted: September 8, 2008 in Highlights

From 360 Degree Security…
No surprise – we have more Apple iPhone security flaws
Andrew Storms highlights what he calls “a fundamental design deficiency with the iPhone”: users’ ability to access iPhone functionality through the Emergency Call option, even when the phone is locked.

From Zero Day…
How to: Securing iPhone
Meanwhile, Ryan Naraine points us to a Wired how-to for implementing iPhone security best practices.

From Schneier on Security…
Security ROI
Bruce Schneier discusses the failings of ROI as a measurement in security, and instead suggests we evaluate security measures in terms of ALE (annualized loss expectancy). The problem with ALE, of course, is that it requires companies to analyze probability data that may never realistically be gathered – so its usefulness as a measure of ROI is theoretical at best.

From Andy, IT Guy…
Security ROI – The debate continues
Andy argues that there is only one meaningful way to analyze the cost/benefit of security, and that is “Failure of Investment,” or FOI. “When it comes to buying, implementing, or doing anything in regards to security the value of the investment is determined by success or failure. Not how much it cost vs. saved. Not how easy it is to deploy or manage. Not how much time it saves, etc…. The real measure is made when it protects or fails to protect.”
