After a week away from the office over Thanksgiving, a colleague had understandably forgotten their convoluted non-dictionary, non-repeating, non-sequential, non-patterned, mixed case, alphanumeric & special, 15 character password. Give it a week or two and who wouldn’t?
As they were trying to think of a memorable password that was strong enough to meet policy, I thought of an article I’d published circa 2006, and thought it was worth putting back out. It’s hard to believe it was so long ago, but that aside, it’s not a new subject and was the focus of one of my favorite XKCD comics, on Slashdot in a discussion of alternate password systems, and over at Schneier on Security as a perspective on the secret question.
Though I initially Read more
Securing Everything as a Service
The Software, the Process, and FISMA Compliance
In the world of XaaS, the Internet of Things, and particularly in light of recent developments in the cyber-security language of contracts I’ve recently reviewed for capture, I’ve spent some time revisiting the literature and my thoughts surrounding this brief essay I’d written in early 2012 as an argument against the application of negligent entrustment in outsourc(ed|ing) IT.
Due, in part, to the presidential cybersecurity directives and appearing to be in response to changes in the National Defense Authorization Act, anticipated changes to the DFARS (originating with 2011-D039), and the continued focus on cyber security within all national sectors, a renewed focus on the development lifecycles and standards of programs warrants review and an increased level of attention that extends beyond Read more
Though this site doesn’t have a substantial following, I do have some resources linked here and photos shared for friends, family and colleagues, so I did want to note that this site will be undergoing an overhaul in the next couple of weeks. I’m finally moving off of a legacy Joomla! installation and onto WordPress. There are a variety of reasons, but the most significant is to enhance media sharing and to more easily manage content and whitepapers that I’m putting together from academic, personal and professional research.
I’ve been working quite a bit with some of the open source ERP systems, specifically ERPNext and OpenERP, which are both Python-based, so a move to a VPS is in order on the DreamHost side Read more