  • 20 Dec 2010

    Tips and tricks on e-discovery, forensics, and managing ESI

    Here are a few pieces I wrote and recorded for SearchCompliance.com on managing all that electronic data on your network that you're constantly drowning in...

      • Leaning on records management can take the angst out of e-discovery
      • Why you need to create an ESI strategy (webcast)
      • Why you need to create an ESI strategy (podcast)
      • What is computer forensics technology? Does it help compliance?...

  • 11 Oct 2010

    Got compliance? Here are some tips for moving ahead.

    Tired of "compliance"? Me too. But, it's still one of those necessary (arguably sometimes unnecessary) evils we must deal with in business today. Here are some new pieces I've written for the fine folks at SearchCompliance.com that will hopefully be of some benefit to you and your business:

      • Priorities for your sound regulatory compliance management policy
      • Put compliance management back into server virtualization
      • Achieving compliance is about more than secure data encryption
      • What compliance professionals ...

  • 28 Sep 2010

    Cybersecurity Act of 2009 – It’s great for government growth!

    You may already know how I feel about our out-of-control government. Well, here's a new piece I wrote about the Cybersecurity Act of 2009 - legislation that'll make your head spin.

      • Why the Cybersecurity Act is better for government than business

    In subsequent edits to this article I had added some material on the new Lieberman-Carper-Collins legislation Protecting Cyberspace as a National Asset Act of 2010 (a.k.a. Senate Bill 3480) ...

  • 21 Sep 2010

    Just run down the checklist – that’s “good enough”

    No offense to my auditor friends/colleagues and all the hands-on auditors of the world who DO know their stuff... Here's a new piece I wrote about one of the greatest impediments to reasonable information security in business today:

      • Why do so many people buy into “checklist” audits?

    ...goes back to the compliance crutch mentality that my colleague Charles Cresson Wood and I wrote about last year. Time to move on?? Looking at how ...

  • 15 Sep 2010

    New content on data protection & compliance

    Here's the full download of the CSO Executive series I wrote recently for Realtimepublishers.com on data protection and compliance in the enterprise. The series consists of the following:

      • Article 1: Primary Concerns of Regulatory Compliance and Data Classification
      • Article 2: Finding, Classifying and Assessing Data in the Enterprise
      • Article 3: Data Protection Reporting and Follow Up

    Enjoy!...

  • 27 Aug 2010

    HIPAA & HITECH: new requirements + same approaches = new book

    My colleague and co-author Becky Herold and I are working on the second edition of our HIPAA book and I'm realizing, wow, not much has changed in the way of managing information risks since we first wrote it in 2003. Yet, the protected health information breaches keep on occurring (look at the two latest ones from this week). Stay tuned though... we've got lots of good updates and new info forthcoming on ...

  • 16 Jun 2010

    Data Protection and Compliance in Complex Environments

    Here's a new guide I just completed aimed at C-level information protection professionals. The three CREDANT-sponsored pieces cover:

      • Primary Concerns of Regulatory Compliance and Data Classification
      • Finding, Classifying and Assessing Data in the Enterprise
      • Data Protection Reporting and Follow up

    Simply click the image above or browse to Realtime Publisher's landing page for this CSO Executive Series and download from there. By the way, Realtime has a ton of free content practically anyone in our field ...

  • 21 May 2010

    The compliance crutch mentality rides on

    I believe it was my colleague Kevin Bocek who once said: "Security done right will yield compliance for free. Compliance for compliance sake will always deliver more problems in the end." Why is it so many business leaders keep ignoring this reality? It's funny, I was just thinking about an article I co-authored for CSO Online with Charles Cresson Wood nearly a year ago entitled The Dangers of Over-Reliance on Compliance. Those ...

  • 29 Apr 2010

    IT security roundtable starting soon

    Join me if you can in just over an hour for AppSec's Five Burning Questions: Q2 2010 IT Security Auditor Roundtable. I and others from companies such as Ernst & Young, KPMG, and Protiviti will discuss database audit challenges and share tips and best practices you can implement to ensure database compliance and security. I hope to "see" you there!...

  • 22 Mar 2010

    Are you destroying your backup media the right way?

    Here's a recent podcast I recorded on backup media data destruction... better be sure you're doing it the right way:

      • Ensuring proper data deletion or destruction of backup media...
