I was fortunate to be introduced to a good ex-Microsoft Security person, Shivaram Mysore. He has an interesting whitepaper on Web 2.0 Security. It is a worthy read. The whitepaper gives a brief introduction to the service models available and aligns your thought process on securing Web 2.0 around these service architectures.

I recently attended the pre-screening of the Information Security documentary titled: The New Face of Cybercrime. The documentary was very nicely done, considering the director, Fredric Golding, has no background in Information Security.

The thought leaders panel discussion was very stimulating. Being an analogy person, I liked the analogy narrated by Howard Schmidt, former White House Security Advisor, about the evolution of Information Security and the evolution of firefighting. In the past, firefighting was a reactive approach, but these days people factor the threat of fire pro-actively into the building design - sprinklers, fire retardant materials and so on. Another panelist, Ted Schlein, Managing Partner at KPCB, mentioned that security spending is around $12 billion/year vs. the loss due to information security breaches, which is around $100 billion/year - the trail of money always sounds interesting to me. There were lots of discussions about the Inside-Out vs. Outside-In approach to Information Security.

Thanks to Fortify for putting this event together. I am sure more such events should happen amongst the executive crowd to bring a high level of security awareness.

Lastly, I would like to conclude this post by noting the importance of user awareness, because user awareness determines the "usage", which is a very important component of the threat model of an information system. I conclude by repeating the popular quote: "There is no patch for stupidity".