-
09 Feb 2015Back to basics in information security? Proven year after year but (apparently) unattainable for many.
I'm often wrong about many things in life...just ask my wife. However, I'm feeling a bit vindicated regarding my long-standing approach to information security: address the basics, minimize your risks. You see, more and more research is backing up what I've been saying for over a decade. It what was uncovered in the new Cisco 2015 Annual Security Report. [i.e. "Less than 50 percent of respondents use standard tools such ...
Continue Reading... -
21 Jan 2015Øbama knows more about information security than we do
I know it's painful to listen to our Ruler wax poetic about how great things are in America and how he's going to continue transforming society for the better...so just in case you missed last night's State of the Union and proposed initiatives, his regime wishes to "better secure" the Internet and our networks by making changes to the Computer Fraud and Abuse Act (CFAA). Here are some good reads ...
Continue Reading... -
08 Oct 2014
What no one is saying about cyber insurance
I race cars for fun and sport and found out the hard way not long ago that if I wanted to increase my life insurance I was going to have to jump through numerous hoops and pay enormous premiums for a minimal increase in my existing coverage. I was thinking about this scenario compared to 'cyber insurance' and, wow, what a difference. Knowing what I know, there appear to be minimal ...
Continue Reading... -
19 Sep 2014
Resources to get up to speed with the latest HIPAA security requirements
Check out the newly-revised second edition of the book I just finished co-authoring with Rebecca Herold that's due out October 21st: Be sure to check out my other IT security compliance resources on my website. Enjoy!...
Continue Reading... -
02 Sep 2014
Bits & pieces on the 2014 Home Depot data breach
The news of the new Home Depot credit card breach combined with me being based in Atlanta as well, I feel compelled to share some links to some of the recent pieces I've written about point-of-sale and retail information security in hopes that a nugget or two might prove beneficial to someone out there...here they are:The Target Breach – Can It Be Prevented?Six endpoint management lessons from POS security breachesSecurity ...
Continue Reading... -
22 Aug 2014
CISOs, lawyers, awareness training, and other infosec blunders you need to know about
I've been super busy putting my twisted thoughts on paper...here are a few pieces you might enjoy:When your lawyer becomes your CISO The compliance crutch holding up Corporate AmericaThe fallacy of information security awareness and trainingThe one skill worth mastering in ITQuantifying the disconnect between the business and securityThe critical item that’s missing from most IT security programsWhat's your one hot button security item? Top detractors of security oversight The funny ...
Continue Reading... -
18 Aug 2014
A resource to help with PCI DSS 3.0’s penetration testing methodology requirements
PCI DSS has been getting a lot of buzz lately and the latest version 3.0 will continue gaining momentum until the many small and medium-sized businesses get their arms around the new requirements. Of particular interest is the updated requirement 11.3 (below) which is much more prescriptive on how to find the actual security flaws that matter. I've always believe that you can't secure what you don't acknowledge...PCI DSS 3.0 ...
Continue Reading... -
18 Jul 2014
How to communicate Web security to management, must-have security testing tools, and compliance in the cloud
Check out these new pieces I've written and recorded on Web application and cloud security. If you follow the things I recommend on communication (first three links), you can absolutely transform your information security program and the way that people perceive you as an IT professional.Communicating with Management about Web Security, Part 1 - Knowing What You're Up AgainstCommunicating with Management about Web Security, Part 2 - Prioritization and Sending ...
Continue Reading... -
14 May 2014
Web security vulnerability testing and management resources you need
Here are some recent pieces I've written that can make or break your success in information security: - See more at: http://securityonwheels.blogspot.com/#sthash.YEhOcnEF.dpufHere are some recent pieces I've written that can make or break your success in information security: - See more at: http://securityonwheels.blogspot.com/#sthash.YEhOcnEF.dpufHere are some recent pieces I've written that can make or break your success in information security: - See more at: http://securityonwheels.blogspot.com/#sthash.YEhOcnEF.dpufHere are some recent pieces I've written ...
Continue Reading... -
13 Mar 2014
HIPAA compliance lip service
Here's an example of the lip service (security theater) people give to compliance and information security found on display at one of those giddy-over-regulations retailers:Really, who's certified? How are customers to know what this means?Checkbox checked...all that matters.Good stuff....
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
