Hrvoje Pernar


Top Stories by Hrvoje Pernar

Have you ever Googled "information security strategy"? Try it yourself and look at the results. What you get is a jumble of mixed-up terminology, most of which does not (and should not) fit what an information security strategy really is, or should be. The major misconception is this: that an information security strategy is a risk treatment (mitigation) plan. In some sense that is true, but consider the major limitations of that approach. According to Wikipedia, a "strategy" is "a plan of action designed to achieve a particular goal." So you have a business strategy, which is a plan of action designed to achieve business goals. You have an IT (development) strategy, which is a plan of action designed to achieve IT goals that support the achievement of business goals (or, more precisely, that are aligned with the business goals and strategy). It should therefore be common sense that ... (more)

Facebook Security Issues

I really don't have any problems with Facebook whatsoever, since I don't really use it in any meaningful way (can it be used in such a way at all?). But that does not mean that Facebook does not have some serious security problems. In fact, I could write a book about them if I could find more time. Let's consider some of them. For instance, Facebook users can use too many different applications for which no serious (mandatory) security evaluation / verification process exists. So hackers and other bad guys can continue to create applications that appear not so ma... (more)

Definition of Information Security

According to Wikipedia, information security means "protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction". Another definition could be "managing the process of mitigating (transferring, reducing, avoiding) unacceptable information security risks". And yet another: "the implementation of programs and practices that protect the integrity and safety of computer programs and information". Of course, there are variations on the common theme. And that theme, without any doubt, is ... (more)

Information security objectives / goals

What is an information security objective or goal? Could you state that your organisation's information security objective / goal is to "protect confidentiality, integrity and availability of information"? Pause and think for a second. Isn't this a definition of information security? Isn't this what information security is all about, protecting information? Is this perhaps too general? What are your security objectives? This seven-word statement is the most commonly used information security goal statement in information security policy documents, and if left just like this ... (more)

Disaster recovery site selection – the distance problem

Anyone reading this entry of mine has doubtless asked this question when speaking of disaster recovery sites: what is the right distance from the primary site to the secondary (disaster recovery) site? Is there any law, regulation, standard, best practice or anything else that defines the "right" distance? If so, what is it? 10 miles, 50 miles, 100 miles or more? Or less? Is there any universally accepted methodology for determining the "right" distance? Well, the answer is NO. There is no such document that defines the minimum distance from the primary to the secondary site. The... (more)