I thought this was pretty funny because of how true most of it is: How to Suck at Information Security

What struck me was the following line: “Ban the use of external USB drives while not restricting outbound access to the Internet.”

This sums up some of the most egregious mistakes in the information security — taking a vulnerability view versus a threat view of how to secure your infrastructure. USB drives typically pose a relatively small threat to an infrastructure compared with unfettered outbound Internet access, but many organizations I have worked with are doing just that.

Happy New Year, 2009. Every one makes some kind of resolution for the new year. I think it is the hope that we can somehow change the things that we least like about ourselves or our lives that causes us to make promises. Every year I resolve to lose weight, but somehow by the end of the year I am right back where I was before.

This year, I am resolving to write more and be more visible. I plan on writing regularly here about information security and the relationship it has with economics, politics, news, and other areas. Hope you enjoy, and if there is something you wish to comment on or suggest, please put it in the comments.