Author Archives: dutcherstiles

Everyday Privacy & Security Part 2: Fear Factor Authentication, or I Won’t Forget You Baby, Even Though I Should

If you are like me, or, if in fact, you are me, your online financial transacting experience has gone all Security 2.0 by the factor of WOW! Over the weekend, I had an unpleasant experience. The clerk at our local …

SSNS ON THE LOOSE! (Legacy Edition)

I’m trying to understand the newsworthiness of the latest episode of “SSNS On The L0OzE. OMG!!1!!” Some dude in the mail room puts a bunch of computer tapes in the wrong slot, according to the AP report in the Houston …

Throwing Scorpion Out With the Frog Water

Declan McCullagh says that the federal government is unlikely to implement the National Research Council’s privacy recommendations, in particular, a privacy commissioner, because it isn’t in the federal government’s scorpion-like nature. Ars Technica also has coverage. (And why must it …

Waffle are Just Pancakes with Little Squares On ‘Em

I’ve been working on something, but I don’t know if it will make it by race time in Shanghai. In the meantime, the most important part of internal auditing is “production value.” And we know what that means.

Impacted Molars

Brighter Teeth From Educational Security Incidents via Pogo comes this terrifying story of privacy laden scratch paper from the land of the gigantic stone Texan. Apparently Sam Houston State U. uses a student ID number that is not their SSN. …

Go Ask Alec Baldwin

SSL apostate Ian G. refers to an article on estimation of loss due to a privacy breach. I think we are measuring the wrong thing, and operating on these assumptions is dangerous. From the article, a Forrester analyst says: “After calculating …

The Red, Yellow and Green Legos of Judgment

I’m out here in Coyote and Roadrunner land, knee deep in internal auditing. I co-presented yesterday on privacy, as a co-author of an Institute of Internal Auditing publication. It’s been an interesting couple of days, driven in part by the isolation …

Apocalypse Pooh

It’s a grim world around us. A mass murder turns into a cynical ploy to promote and condemn any issue you care to name, or exploit the grief for naked profit. How can I deal, in the short term, except …

Sweet Fancy Moses

Lots of odd stuff (mostly from Pogo & Fergie): Why Justice Went Blind The courthouse security folks in El Paso County can see you nekkid. “The new machine will not replace the metal detectors already in use at the judicial complex. …

In defense of controls

Alex is pretty down on ISO 17799. I think the reasons are that he sees organizations substituting ISO 17799 for risk management FAIR style. Instead of calculating a realistic, customized risk profile, an organization pulls ISO 17799 (or COBIT, though …
