Zen Information Security Blog

Hrvoje Pernar

Top Stories by Hrvoje Pernar

I really don’t have any problems with Facebook whatsoever since I don’t really use it in any meaningful way (can it be used in such a way at all?). But that does not mean that Facebook does not have some serious security problems. In fact I could write a book about them if I could find more time. Let’s consider some of them. For instance, Facebook users can use too many different applications for which no serious (mandatory) security evaluation / verification process exists. So hackers and other bad guys can continue to create applications that appear not so malicious but in reality they are. The problem is, of course, that applications are not vetted before their release. You say that Facebook does have an application verification program? As Facebook states: “Do I need to be verified to run on Facebook Platform? No. Facebook Platform continues to be ope... (more)

Information Security Strategy

Have you ever Googled "information security strategy"? Try it yourself and see the results. What you get is a bunch of mixed-up terminology, most of which does not (should not) fit into what information security strategy really is (or should be). The major misconception is this: information security strategy is a risk treatment (mitigation) plan. In some way it is true, but let’s consider some major limitations of that approach. According to wiki, „strategy“ is „a plan of action designed to achieve a particular goal.“ So you have a business strategy, which is a plan o... (more)

Disaster recovery service provider selection – what should be considered?

Let’s get back to disaster recovery issues. One issue that’s often overlooked is how to conduct disaster recovery service provider selection (evaluation). What is the right course of action anyway? You want IBM so you cont(r)act IBM right away without any evaluation whatsoever because IBM does not fail (you think)? Choosing the right DR service provider can be a daunting task. First of all, you need to do some serious preparation: 1) Have you conducted a formal BIA? Do you know your RTOs, RPOs etc.? Do you have management approval of the BIA results? So you’ve selected critical bu... (more)

What happened to privacy?

We have created a monster. It collects every bit of information about what you do when browsing the Internet. It knows what your interests are. It knows your hobbies. It knows when you go to sleep. It knows what movies you like. It knows what music you like. It has access to all of your email communication and attachments and contacts. It knows what you download. Well, it probably knows more about you than your wife / husband / girlfriend / boyfriend does. It knows everything about you. You can get a glimpse of what it knows about you here. Would you use its services if it were owne... (more)

Definition of Information Security

According to wikipedia, information security means „protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction“. Another definition could be „managing the process of mitigating (transferring, reducing, avoiding) unacceptable information security risks“. And yet another: „the implementation of programs and practices that protect the integrity and safety of computer programs and information“. Of course, there are variations on the common theme. And this theme without any doubt is ... (more)