Guide for Mapping Types of Information and Information Systems to Security Categories

Draft Special Publication 800-60 Revision 1, Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories and Volume II: Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories, is now available for public comment at The draft revision to Volume I contains the basic guidelines for mapping types of information and information systems to security categories. The appendices contained in draft Volume II include security categorization recommendations and rationale for mission-based and management and support information types

'Unbreakable' BD+ Blu-ray protection cracked

A software firm reckons it has definitely cracked the forthcoming BD+ copy protection on Blu-ray discs even though Sony says it has beefed up the protocols involved.

Confident developer
says it has the ability to get round the Blu-ray camp's latest security
protocol – despite its latest AnyDVD software only cracking Blu-ray's
older security system, AACS (Advanced Access Content System).
Currently, Blu-ray disks are digitally encrypted using that system,
also used by the HD DVD camp. But BD+ is a new layer of security that
is exclusive to Blu-ray.

Blu-ray: not so tough

already found a way to crack BD+ and we have just turned to
fine-tuning,” said James Wong, SlySoft's head of development in a
statement. “I should really think about hiring a bodyguard now, since
this product won't please everybody.”


More feedback about IBM Security

I am getting word of more and more coverage on these announcements that IBM made on Thursday. Here are a few excerpts from news stories:

Investor's Business Daily: “It's an extremely ambitious strategy but also one that plays well to some of the company's fundamental strengths,” said analyst Charles King, of research firm Pund-IT, whose clients include IBM. It “does very well at developing end-to-end solutions and its view of enterprise IT is quite sweeping in comparison to some of its competitors.”

eWEEK: “We've been seeing the security market itself lurch from headline to headline, and customers in particular need to stop thinking about their strategy in terms of the latest crisis,” said Lovejoy. “We're trying to elevate risk management above other security conversation; starting with PCI fits that mold well, because it dovetails with this concept of starting with a risk management plan.”

Investor's Business Daily: “The more we engage with our clients, the more it becomes clear that security as it has been until now is broken,” said Val Rahmani, general manager of infrastructure management services for IBM Global Technology Services. “Many clients have 32 different vendors doing security for them. Who can manage 32 different vendors doing related aspects of the same thing?”

InfoWorld: “[IBM is] in a position that few others in IT can match or challenge when it comes to having a fairly complete story across multiple aspects of enterprise IT and systems integration—but security had long been an obvious gap in that story,” said Scott Crawford, an analyst with Enterprise Management Associates. “What they are pushing towards with this announcement is a strategy that takes a more comprehensive approach to security across multiple fronts. With the rise of focus on a more strategic approach to GRC, I would expect more vendors to take a more strategic approach to the IT security and risk management market,” he continued. “This is an example of a company that can take on such an initiative with more credibility than many.”

And we also have some video and radio coverage:

IBM Security, a good place to be right now!

Just to name a few…  So, yeah, I've been busy.  I am now working on both Tivoli Security Operations Manager (TSOM) and Tivoli Compliance Insight Manager (TCIM).  These products work very well together in what is dubbed “The IBM SIEM Solution”.  The articles above speak of Tivoli and Watchfire (part of the Rational brand) in Software Group and ISS in Global Technology Services.  So the $1.5B will be spread around a bit.

The comforting thing is that IBM is making a significant investment into allowing its recent acquisitions (Consul, Micromuse, ISS, Watchfire) to work together to meet the customer's needs.  No longer will people doubt me when I say “I'm a security guy” and “I work for IBM” together.

Here are the official press releases: