Entries from June 2009
Day One: Gartner Information Security Summit
June 29th, 2009 · No Comments
0600 – Leave home to drive to conference at Gaylord Hotel in Washington DC (actually Maryland)
0700 – Get to analyst work room, find schedule, go to main hall to get set up for my planned “intervention” during Chris Byrne’s keynote speech
0800 – 0900 – Keynote activities
0900 – 1000 – One on one meetings
1000 – 1100 [...]
Tags: Uncategorized
There Is Absolutely Nothing Security-Relevant About This Week’s Top News Stories
June 26th, 2009 · 4 Comments
Yup, just a cheap trick to attract search engines. But I was on a call with a Gartner client in Australia last night and the first words on the call were “Is it true?” So, sorry, click here if you really were looking for the top current events.
So, nothing relevant to this week’s news. Next week [...]
Tags: Uncategorized
Point-CounterPoint: Security Issues of Top Level Domain DNS Redirection
June 25th, 2009 · 1 Comment
This week the Internet Corporation for Assigned Names and Numbers (ICANN) issued a report that recommended against the practice of DNS redirection by Top Level Domains (TLDs). The most common example of this is when you mistype a URL and rather than getting Error 404 you are redirected to a screen that usually has advertising and [...]
Tags: Uncategorized
Stuff Happens – Avoid Fragility
June 24th, 2009 · No Comments
Here in the Washington DC area, we had a horrible crash on the Metro subway system. The causes (and I bet it will be plural) of the accident are still under investigation, but one fact has come to light: after Metro crashes in 1996 and again in 2004, National Transportation Safety Board (NTSB) investigators determined [...]
Tags: Uncategorized
Twelve Word Tuesday: Use All Major IT Transitions As a Security Stimulus Plan
June 23rd, 2009 · No Comments
Start now to sneak overall security gains into Windows 7 migration plans.
Tags: Uncategorized
Good News Friday: MasterCard Ups The PCI Ante, Microsoft/Adobe Move Forward, Apple Pushes iPhone Patches
June 19th, 2009 · 2 Comments
There are reports that MasterCard now requires Level 2 merchants (between 1 and 6 million annual transactions) to use an external Qualified Security Assessor for annual PCI auditing. Previously, Level 2s could do a self-assessment. While Gartner has pointed out there are many problems with the PCI QSA program, there are even [...]
Tags: Uncategorized
What Is An Acceptable Cost Level of Security Incidents?
June 18th, 2009 · No Comments
As a species, we’ve been at physical security a lot longer than we have been working at information security. That’s why in information security there is a lot of teeth gnashing every time a security incident is made public: “Despite all we are doing, incidents still happen! Management doesn’t understand security! No one respects the [...]
Tags: Uncategorized
Brevity is the Hole of Twit *
June 17th, 2009 · 2 Comments
I was doing local travel yesterday, so missed making a “Twelve Word Tuesday” blog post. It’s an interesting exercise, trying to be brief but not banal. It makes me realize that the bandwidth of a face to face conversation is amazingly large. There is a rapid reduction in actual information transfer per unit time when [...]
Tags: Uncategorized
Guest Blogger: Mark Nicolett and the SIEM Market
June 15th, 2009 · 1 Comment
Today we have a guest blogger – Mark Nicolett gives his thoughts on what Gartner is up to with the Security Information and Event Management (SIEM) Magic Quadrant for 2009:
We (Kelly Kavanagh and myself) have just published the Gartner 2009 SIEM Magic Quadrant and a companion Critical Capabilities research note. The Gartner SIEM magic quadrant [...]
Tags: Uncategorized
A Storm in Any Port
June 15th, 2009 · 1 Comment
I regularly take a look at the SANS Top10 report, which shows the top 10 ports that are currently the target of attacks. There are a few ports that are always under attack – the Microsoft SQL Server (1433/1434), Windows RPC (135), NetBIOS (139) and SMB (445) ports, as well as the major protocols [...]
Tags: Uncategorized