1 Raindrop

Gunnar Peterson's loosely coupled thoughts on distributed systems, security, and software that runs on them.


Hermitage Lawyer Dies in Jail

Last year, I blogged about the Corporate Identity Theft of the Hermitage Fund's hundreds of millions of dollars in Russia. Today, the FT reports that Hermitage's 37-year-old lawyer died in jail in Russia, where he was held for the past year. From WSJ:

Sergei Magnitsky, a Russian lawyer working for embattled investment fund Hermitage Capital, died in a Moscow jail after complaining for weeks of being denied adequate medical treatment.
...
Mr. Magnitsky, 37 years old, was jailed nearly a year ago and charged with tax evasion in a case involving Hermitage.
...
"They held him for 11 months, asking him to fabricate testimony against Hermitage," said Jamison Firestone, managing partner of Firestone Duncan, the Moscow firm where Mr. Magnitsky worked. "The more he refused, the worse his conditions became." Russian officials have denied those allegations.

To learn more about what's happened to Hermitage, this video has the play by play.

November 18, 2009 in Governance

Jeremy Epstein on Governance

'a system can be governed and still be insecure' - jeremy epstein at unatek today. as we say in minnesota - ya sure, ya betcha

May 09, 2007 in Governance, Security

James Kobielus: Effective SOA through Governance-Assurance Synthesis

James Kobielus responding to earlier governance post:


Effective SOA (i.e., software development, deployment, and management life cycle) governance ensures that the relying party (the "organization," per your definition) can have a high degree of confidence that "the system functions meet a desired set of properties and only those properties...the functions are implemented correctly, and...the assurances hold up through the manufacturing, delivery, and life cycle of the system."

Another way to look at how assurance provides the integrity across the governance layers:

[Image: governance-assurance diagram]

Assurance - it's not just for the feds any more!

April 21, 2006 in Assurance, Governance, Security, SOA

Darwin Lives: Governance Models and Ability to Govern

Governance models are all the rage, and some of the stuff being written about them is actually useful [2,3]; the problem is that most of the people who talk about governance models have zero ability to govern. For example, consultants love to talk about governance models, but this should not be confused with the ability to govern standards, deployments, processes, and decisions. What is helpful is to clearly separate the concerns of the providers and consumers of the technologies, processes, and strategies in play in the model. Understanding the scope of responsibility will definitely help projects understand where they fit inside an organization, but it is not the same as governing. The other thing that I have noticed in most governance models is an overall lack of assurance [1]. Assurance brings another dimension to governance models, because it works across the strategic, process, and services layers, and creates a closed-loop process where recalcitrant processes and services may be rooted out.

Lastly, Darwin wins. Always. Never confuse your governance model with the quality of your apps and services. These, along with the accuracy and fidelity with which your apps and services reflect the business needs of service consumers and providers, are likely to be the true measures of the eventual reach and impact of those services, rather than your governance model.

April 21, 2006 in Assurance, Governance, SOA
