The first question I often get when talking to IT Service providers on ISO 27001 certification is: "How much does it cost to get it?" I like to reply with a question: "how much does it cost when you don't have it?" The answer to the first question is easy, the answer to the second one is more complicated. As a financial I am interested in the business case. If the cost of not having an ISO 27001 certification is higher than the cost of getting and maintaining one, you can actually make a profitable investment by getting certified. more
According to a 2013 TwinStrata survey, 46 percent of organizations use cloud storage services and 38 percent plan to adopt this technology in the near future. Cloud storage capacity demands are increasing 40 to 60 percent year-over-year, while storage density lags behind at 20 percent. The result? More data, growing demands for space and increasing security concerns. How do enterprises overcome cloud storage security challenges? more
We live in a world of information abundance and the proliferation of ideas. Through mobile devices, tablets, laptops and computers we can access and create any sort of data in a ubiquitous way. But, it was not always like that. Before the Internet information was limited and was travelling slow. Our ancestors depended on channels of information that were often subjected to various policy and regulatory restrictions. The Internet changed all that. more
Two weeks ago I wrote about Yahoo's unfortunate mail security actions. Now it's AOL's turn, and the story, as best as I can piece it together, is not pretty. Yahoo used an emerging system called DMARC, which was intended to fight phishing of often forged domains like paypal.com. A domain owner can publish a DMARC "reject" policy which, oversimplifying a little, tells the world that if mail with their name on the 'From:' line didn't come from their servers, it's not from them so you should reject it. more
It appears that the FCC will permit exceptions to the standard, plain vanilla best efforts routing standard for Internet traffic, such as the paid peering arrangement recently negotiated between Comcast and Netflix. In both academic and applied papers I have supported this option, with several major conditions... With no opposition that I have seen, companies like Akamai offer better than best efforts routing of "mission critical" traffic from content source to last mile, "retail" Internet Service Providers. more
Karl Auerbach has written a quite long but very detailed and well thought out letter to Congress. It's not clear which members of Congress were sent the letter. Karl Auerbach is a former member of ICANN's board and is probably best remembered by many as having taken ICANN to court (and winning) in order to gain access to the organisation's financial records. more
The internet affects every individual in this world whether directly or indirectly. For example, a medical professional somewhere in Goma, Congo might access the internet to read and post reviews to current medication available and this might have an impact on the kind of medication that he/she recommends to the patient, whether the patient has access to affordable internet or not. Since the internet affects everyone, Africans citizens who are aware of internet governance discussions, expect African stakeholders to engage in these discussions. more
It seems everywhere I turn, there's someone throwing around statistics for how the Internet and broadband will drive economic growth, create jobs, end world hunger and bring world peace (ok, maybe not the later). Sure enough, government officials are buying into that rhetoric and extending it in initiatives like national broadband strategies, cybercrime and cybersecurity plans as well as e-governance strategies. more
The recent discovery of the goto fail and heartbleed bugs has prompted some public discussion on a very important topic: what advice should cryptologists give to implementors who need to use crypto? What should they do? There are three parts to the answer: don't invent things; use ordinary care; and take special care around crypto code. more
ICANN has been sent a letter by the European Data Protection Supervisor calling them out with respect to both data collection, retention and privacy within the context of the 2013 Registrar contract (RAA). The letter is the first instance of one, to my knowledge, which makes reference to the ECJ's recent ruling that rendered the data retention directive null and void. more
Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done. I have outlined the four main observations... more
Since the end of last year, amplification attacks have been increasingly used by attackers and received heavy media coverage. Everyday protocols not given much thought before, like Network Time Protocol (NTP), can be asked in a very short remote command to send a very large response (list of 600 clients last connected to the NTP server) to a spoofed IP address (the target) by the requestor/attacker. more
The Applicant Auction team is getting an increasing number of requests from applicants who are scheduled for ICANN's Last Resort auction and would prefer to participate in the Applicant Auction instead. A common question is: What is my last chance to participate in an Applicant Auction? To be able to give a clear answer for this, we are suggesting a schedule for future Applicant Auctions. more
Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as apache, nginx, and lighttpd. A few people have suggested that the problem is that OpenSSL is open source, and code this important should be left to trained professionals. They're wrong. more
New gTLD Applicants now have a more fair and reasonable ICANN auction framework. A collaborative negotiation between the New TLD Applicant Group (NTAG) Auctions Working Group and ICANN Staff resulted in changes that improve the auction rules and bidder agreement. The indemnification and waivers in the agreement are now aligned with breaches that applicants can control. Applicants also now have an indemnification from Power Auction for third party claims related to IP infringement. more
Sponsored byVerisign
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byWhoisXML API