Blog Archives

2026

February

  • Finally migrated to my own site

    With the help of Gemini CLI, I’ve finally migrated all my blogs of over 20 years from https://mengchow.wordpress.com/ to this new https://brightstove.net site. All done in less than three hours....

2025

June

March

2023

August

February

2021

December

  • On risk, uncertainty, and impact

    Risk management is an approach that is commonly used across many industries. However, the language of risk has not been consistent or easy to understand across existing risk literatures. In...

2018

May

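  • Responsive Security: Building an Enterprise Information Security System (《响应式安全:构建企业信息安全体系》)

    More than three years ago, together with China Electronics Publishing House and Professor Duan Haixin of Tsinghua, I started the translation of the book "Responsive Security". A few weeks ago it was finally completed and published on Amazon China and other online bookstores. The Chinese title, 《响应式安全:构建企业信息安全体系》 (Responsive Security: Building an Enterprise Information Security System), differs a little from the English title. This is mainly so that readers searching by keyword can find the book more easily. Otherwise, the more correct title would be 《响应式安全:有备无患》 (Responsive Security: Being Prepared Averts Trouble).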

2017

May

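  • Talking about cloud security in Taipei

    Two weeks ago, I shared some thoughts on cloud security at the (ISC)2 SecureTaipei conference in Taipei. A reporter from Taipei's IT Home published the main content on its website the same day. Interested friends can read it there: http://www.ithome.com.tw/news/114072.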

2016

July

  • Fear when it is dark, fear when there is light

    We have fear of the dark because we can’t see what is in the dark. Many of us probably have similar experience of walking up or down an unlighted stairwell...
  • Brief thought on IoT security 

    There will be things that are security capable, things that are not security capable, and things that are somewhere in between. What those things can do, and how much an...

January

  • When our guard is down

    We don’t normally feel the reality of a criminal attack on the Internet (or so called Cybercrime attack in the Cyberspace these days) until someone we know, especially when a friend,...

2015

January

  • Blog series on Responsive Security

    I have recently published a five parts series on the captioned topic, based on my book of the same title, at Cisco’s Security Blog site. For convenience of the readers...

2014

October

  • A Black Swan on the ATM system

    This past week’s news headlines have once again been filled with a number of significant cyber security incidents. Data breaches in JP Morgan, Bash shell vulnerability in a number of Unix/Linux...

August

  • REMOTE - Office not required - a brief review

    Working remotely is a practice that is familiar to many, especially in where I work today, so much so that we often take for granted its benefits, without even realizing their...
  • Hard and soft bacon

    Last week at the 14th RAISE Forum meeting in Bangkok, the hotel served breakfast every morning. Among the wonderful selection of western and eastern dishes were two choices of bacon,...

January

  • Be ready for the Year of the Wooden Horse

    Today marks the start of a new year on the Lunar calendar. As the Chinese saying goes, as the spring season arrives, happiness and prosperity follow. I would like to...

2013

October

  • Responsive Security - Be Ready to Be Secure

    After much anticipation, my new book, “Responsive Security - Be Ready to Be Secure”, is finally published today. Thanks to Prof Pauline Reich of Waseda University, and Chuan Wei Hoo,...

April

  • 12th RAISE Forum Meeting at Jinan, Shandong

    Talking about Shandong in the previous blog (“Before the ashes turn cold”) yesterday, in fact, I just came back from our 12th RAISE Forum meeting which was held at Jinan,...
  • Before the ashes turned cold

    Bruce Schneier wrote an interesting piece recently about the use of technology for political purposes and suggests that we need “more research into how to circumvent these technologies”: https://www.schneier.com/blog/archives/2013/04/it_for_oppressi.html

February

  • A real sense of insecurity

    Our office at the new business park is an attraction in many regards. There are massage chairs in the lobby area, free flow of coffee and tea in the open...

2012

August

  • Changing season

    This is a post that I have drafted roughly about two years ago, when I was still living in Beijing at that time, on an early autumn day. As we...
  • 11th RAISE Forum Meeting

2011

October

  • Buckle up before you drive

    Walking past a row of cars parked alongside the street next to my apartment this morning, I noticed that a number of them have their safety belts already buckled. They...

May

  • What would you do with a magic wand for security?

    Recently, I had the opportunity to speak with several senior information security practitioners on various areas of information security risk management to get their insights and learn about their experiences...

April

  • Taipei - 9th RAISE Forum Meeting

    April 1st marked the successful completion of the 9th RAISE Forum meeting hosted by the Information and Communication Security Technology (ICST) Institute in Taipei city. The two-day meetings, as in...
  • Berlin Walls - Reflecting the 9th WG 4 meeting

    It has been six months since the Berlin meeting in October 2010. It was my first trip to Berlin then, brought about by the SC 27/WG 4 convenorship. The trip was...
  • Keep left, walk right

    I have been jogging outdoor whenever I’m in Singapore due mainly to the warmer weather and cleaner environment there. During my jogs, I have observed the drainage covers that are lined...

2010

October

  • Insecure Wi-Fi networks

    Nearly five years ago, I blogged about how the laws are not going to help secure wi-fi networks, and asserted that home wi-fi networks would be the weak link if...

April

  • Return from the old Portuguese Town

    Yet another week of SC 27 Working Group (WG) meeting has gone by. Melaka, or Malacca as I know it since my childhood days, also well known as the old...
  • Arriving at Malacca

    It is the time of the year for yet another ISO/IEC JTC 1/SC 27 Working Group and Plenary meeting. The host for the next nine days is the Malaysian national...

March

February

2009

November

  • Of haze and fog and the visibility of risks

    The hazy fog in Beijing has triggered many local radio stations and TV news to constantly remind drivers to slow down, turn on the head lamps, and drive with extra...
  • Progress at Redmond

    This is not about Windows 7 or Microsoft, but to have a tail to the head that I started while at Redmond in early November 2009, about the progress of...
  • 7th meeting of WG 4 at Redmond, WA

    Six months have passed since the Beijing meeting. This week, we commence the 7th meeting of the ISO/IEC JTC 1/SC 27/WG 4 at Redmond, Washington, USA. The meeting is hosted...

October

July

  • Superman inside

    Have not been running for more than a week now, though I did have a few swims in the period, and feeling a little lethargic late afternoon, I decided to go...

June

  • WG 4 Progress in Beijing

    The 6th WG 4 meeting in Beijing has closed since May 8, 2009. It has been a while for me to find some time to report the meeting outcomes and...

May

April

March

  • Passing destination

    I managed to get up early this morning and went for a jog around the hotel area. My destination was a palace building nearby. According to my colleague, it was about...
  • Flight delayed, arrival nearly on schedule

    I had my second trip to our Shanghai office and engineering center this week. Unlike the previous trip last month, the weather was fine most of the days--truly a feeling...

February

  • Skiing lesson

    My family and I went to NanShan (南山), a man-made snow mountain at the edge of Beijing for our first lesson and experience in skiing on the fifth day of...

January

  • Beware of pirated software, even on non-Windows systems

    In an earlier entry, I blogged about how users of non-genuine software secure their systems, and mentioned IDC's analyst reporting the link between malicious/trojan software and non-genuine software. It seems that...
  • Why not localize your password

    Having moved to a new residence over the weekend, the first thing that happened then was to also move the broadband connectivity so that I could continue to have a...
  • How users of non-genuine software secure their systems

    Happy new year! As I checked through the list of "draft" blogs that I have left unfinished in 2008, one particular entry looks like something that I should complete for...

2008

November

  • Local food, local foreign food, foreign food, foreign local food, foreign foreign food

    Dining at a Vietnamese restaurant yesterday evening and it occurred to me that we (my family and I) actually didn’t try any Vietnamese food before while living in Singapore in...
  • Losing heart earned data

    I haven’t been running for the past two weeks due to the numerous short trips and started with the treadmill at the gym yesterday, which covered a nice 6 km...
  • Two-way communications

    While it is often a challenge to achieve two-way communications in a typical conference setting, even with the use of new communication tools such as mobile short messages (SMS), as...
  • Two-way communication

    Conferences, in general, is a one-way communication platform, where a series of speakers get up to the stage and deliver their messages. While there are often opportunities for Q&A, they...

October

  • Protecting yourself in the Cyberspace

    A while back, I blogged about some findings on users' experiences of security breaches. This morning, just come across this new site, known as Security Garden, that is providing "Tip of...
  • Leaving Limassol

    Another week has gone by, closing off the 5th ISO/IEC JTC 1/SC 27/WG 4 meeting at Limassol, Cyprus.  There were some fun during the week, but more importantly, work-wise, significant...
  • Limassol

    Yet another security standards meeting this week. This may sound like a boring thing, and I guess that's why our host in Cyprus (like many other hosts of SC 27...

September

  • Knowing the ground

    Sep 11, 2008 - After struggling through the time zone change and jet lag for three nights, I finally got back my rhythm and able to get up early enough...
  • Joy of technology

    It often excites me when new technology is made available to make my daily work and lifestyle more digitally enabled. The Personal Information Manager (PIM) devices are one of those...

August

  • Who should be doing what for Cybersecurity

    The Los Angeles Times reported yesterday that "Public, private sectors at odds over cyber security". It seems that there are high expectation in the US that the government should play a central...
  • Read and run

    I was browsing thru' Amazon Kindle's catalogue of e-books about 3 or 4 weeks ago and stumbled upon "What I talk about when I talk about running" by Haruki Murakami,...
  • Why standards matter

    I was at the SPRING Singapore's Quality and Standards 2008 (QS2008) conference on Aug 20, 2008 and at the keynote was Mr John Wilson, Lead Economist of the World Bank....
  • Less is more

    If you travel a lot like me, you will probably be one of the readers of inflight magazines, which are the most freely available magazines you can get hold of...
  • Superwomen at the Beijing Olympic 2008

    After watching the super long celebration of the Beijing Olympic 2008 opening last night -- four hours on the couch, accompanied by three pots of Pu Er tea, I was...

July

June

  • Announcing the 7th RAISE Forum Meeting

    In my previous updates on the completion of the 6th RAISS Forum Meeting proceedings, I promised further updates, but I keep forgetting about it. Finally, through a conversation with a...

May

  • X.1207 approved

    X.1207 "Guidelines for Telecommunication Service Providers and End-users for Addressing the Risk of Spyware and Potentially Unwanted Software" was determined and undergone a six months review by ITU-T members from...
  • Revolving security

    Revolving restaurants are often a hit for children. They are also attractions for adults, but mostly during special occasions. Otherwise, they are often expensive places to dine in. However, the two...
  • What is Cybersecurity

    While a new standard on "Guidelines for Cybersecurity" (27032) is being developed in ISO/IEC JTC 1/SC 27/WG 4, the question of "what is cybersecurity" continues to be asked and...

April

  • Proceedings of 6th RAISS Forum meeting published

    This round, we did not have the proceedings printed. However, the entire volume still undergone the copy writing process, with the PDF version of the contents laid out in ready-to-print...

March

February

  • ISO/IEC 24762 published

    Finally, after more than two years of development, the ISO/IEC 24762 on "Guidelines for ICT Disaster Recovery Services" is now completed and published. It is now available for purchase at...
  • Big Italian bank says 'Google your password to see if it is good'

    Don't ever try this! It is always dangerous when people get addicted to something (in this case, search engine). Sunbelt Blog: Big Italian bank says "Google your password to see...
  • Internet Safety for Everyone who uses the Internet

    I was in Hongkong before the Lunar New Year and read from the press about a 14 years old teenager who was arrested for hacking into a school network. As...

January

  • Map of China

    Windows Live has recently released publicly a new Beta version of an online searchable map of China. See http://ditu.live.com, which is 地图@live.com. This should help those who are visiting places...
  • Rocks or rubbish

    Some issues are rubbish, while other are stones, or rocks. When we walk along a street and see some rubbish, it is alright for us to help clear it and...
  • Taxi Communicator 2

    Like all popular movies, they quickly become a series, with new twists to the original story, and also new casts of characters. Sometimes they turn out to be more interesting,...
  • On whether the entire AV industry been wrong since its start

    Have not been using Windows Live Writer for a while since trying out the beta version. On running it again today, after installing the release version, then discovered that I...
  • Taxi Entrepreneur

    While the taxi drivers in Hongkong are technologically geared to receive more calls and communicate better to improve their livelihood, those in the Taipei city are taking a different approach,...
  • Calmness hazard

    I was reviewing some of the photographs that I have taken in the past months during the many trips I had abroad and within China, and found one (below) amongst...
  • Waterfree - you can actually buy it

    I remained curious as to why "Waterfree" was printed on the label above the urinal in the male toilets at the Beijing International airport, and did a search (invoking Windows Live of...

2007

December

  • Waterfree - Relax, it's time to get serious

    An ex-classmate in London used to refer to toilet as the Thinking Room. In fact, it is often a place where one gets the ultimate solitude to reflect, especially when...

November

  • Car as an analogy

    The (ISC)2 Japan organized an informal meeting today with several CISSP constituents, including a few course instructors in Tokyo during lunch time for Ed Zeitler, Executive Director of (ISC)2 and...
  • A difference in trust

    Sep 20, 2007 - Yin Chuan (银川) - At the 2nd China Computerworld FSI Security conference today, during the keynote address, Dr Ren JinQian, Chief Engineer of a government body, spoke...
  • A blog of Microsoft security blogs

    Microsoft's Chief Security Advisor for Italy, Feliciano Intini, has recently compiled this page in his blog, collating all the current Microsoft-related security blogs in one page, which is probably...

October

  • The Three Little Pigs numbered

    A good news I've gotten from the SC27 Secretariat yesterday morning. In the national bodies (NB) ballot process for the three new projects in WG4, the title has already included...
  • X.1207 Determined

    X.1207 "Guidelines for Telecommunication Service Providers and End-users for Addressing the Risk of Spyware and Potentially Unwanted Software" - This ITU-T Recommendation (which is ITU's term for "standards") has finally...

September

  • Bye-bye password

    MSN and Windows Live login now has an integration with Windows Cardspace. Yes, the concept of Information Card is now alive, no longer just a concept! A step nearer to...
  • Three little pigs crossed the JTC1 bridge

    The three new work items proposals in WG4 (part of ISO/IEC JTC 1/SC 27) passed the JTC1 balloting this week. So the three new projects -- (1) ICT Readiness for Business Continuity;...
  • On ISO 27001 Report: ISO 2703n: Latest Developments

    Just read some reports on the roadmap and numbering of the ISO/IEC 2700x series of standards at the ISO 27001 Report blog site: "ISO 27001 Report: ISO 2703n: Latest Developments"....

August

  • Taxi communicator

    28 Aug 2007 I had an interesting sight of a taxi driver this evening in Hongkong. I think the term "taxi communicator" suits this driver as he seemed to be really into modern communication technology. A...

May

  • Football match in Mandrogi, Russia

    As part of the ISO/IEC JTC 1 19th SC 27 and 2nd WG4 meetings, which was held on board the Motor Ship "Lenin", cruising from Moscow to St. Petersburg, we...
  • Talking about the Windows Live Messenger campaign

    I heard about this i'm program recently, but didn't really understand how it works until now, when I accidentally bumped into the i'm web site. This program allows all of us to...

April

March

  • First week in Beijing

    March 5, 2007 - Today marks the beginning of my second week in Beijing. One interesting observation over the past seven days is the weather here in Beijing. When I...

February

  • Is ISMS relevant to SME and Non-Profit Organizations?

    I often get asked about the relevance of an Information Security Management System (ISMS), such as the ISO/IEC 27001:2005, to small and medium enterprises (SME) given that such a practice...
  • Yet another flight delay :-(

    February 9, 2007 - This is the third trip in a row over the last five weeks that I have on a Silkair flight. The first was to Trivandrum, which was...
  • Trivandrum to Kochi

    January 17, 2007 - Today is another one of those travelling days, but a very long journey on the road though. There's no flight from Trivandrum to go back to...

2006

November

  • Game Park

    I was in Glenburn, South Africa, week before last for the 1st ISO/IEC JTC 1/SC 27/WG4 meeting. Our South African host organized a tour of the game park, cum dinner...
  • Unusual day

    Today (Nov 5, 2006) is one of those unusual days. Unusual not in that everything goes wrong, but everything seems to behave/respond differently. Fortunately, the unusual-ness started in the evening,...

September

August

June

  • Baseball Lesson

    Had a chance to watch a baseball game in Seattle earlier this month when I was there. The game was between Seattle Mariners and the Twins (from another State in...

May

  • A bull fight in Madrid

    The ISO/IEC JTC1 SC27 18th Plenary meeting was held in Madrid from May 16-17, 2006. It set forth the new structure with formal agreement of two new working groups--one on "Security...

March

February

  • The Role of Technology

    Was in Hanoi earlier this week for a privacy symposium, speaking on the role of technology in information privacy protection. The focus was that privacy is only as strong as the weakest...

January

  • We trust you

    I was having a second look at the photo taken at the Honey Stall along New Zealand motorway during the family vacation and found that in many ways, it is...
  • Watching signs

    Warning signs are often employed by authorities to remind people against undesirable behaviors. They are believed to be most effective when posted in or near areas where the undesirable behaviors...

2005

December

  • Traffic jam opportunity

    In Manila this week, and have to travel between two cities every day, passing through and tagging along lines of heavy traffics. The higher than average humility, and the frequent...
  • Warning signs and vandalism

    Road crimes in the Kiwi land seems to be a major concern (perhaps at least to the authority.) As in many other places, trust in people is also a diminishing...
  • Action speaks louder

    The Kiwi land that I just came back from is indeed beautiful and very scenic, with clear blue skylines that look like the artworks of those fine watercolor paintings, and natural greens...
  • Safety signs along New Zealand roads - a learning for security messages

    Just returned from a 10 days family vacation from the Kiwi land - the New Zealand. This is my first trip to the place, and the general impression is positive,...

November

October

  • Issue of repeated messaging

    In CNA news channel in the morning of Oct 15, there's a documentary on the impact of terrorism in S.E. Asia to foreigners living and working in this region, especially in places...