-
27 Sep 2017SEC, Equifax, what’s next? Focus on – and fix – the stuff that matters in security.
I recently consulted with a client on the SEC and Equifax breaches and had some thoughts that I left with that I wanted to share here: Your security program is only as good as your day-to-day processes and people. No amount of policies, plans, and technologies is going to prevent you from getting hit. Reactive security is apparently the new norm, at least according to SEC chairman Jay Clayton. I ...
Continue Reading... -
19 Jan 2017
Children’s Hospital Los Angeles breach reminds us that HIPAA means nothing if you ignore its requirements
Back in 2007 I wrote a blog post on what's it going to take to encrypt laptop hard drives. After seeing this recent story about Children's Hospital Los Angeles, I can't help but shake my head.The 0 comments on this article says a lot as society is becoming immune to these breaches...I think I've heard it called breach fatigue - it's not unlike presidential politics as of late! In 2007, these ...
Continue Reading... -
19 Sep 2016
What, exactly, is reasonable security? The state of California knows!
With all that's happening in the world of information security, it seems that there's never enough regulation. From to HIPAA to the state breach notification laws to PCI DSS and beyond, there are rules - and guidance - around every corner. Oddly enough the breaches keep occurring. As if what we've been told up to this point is not reasonable enough. Some people, mostly federal government bureaucrats and lawyers who ...
Continue Reading... -
07 Dec 2011
BitLocker, Passware…heads in sand everywhere!
Three times in the past three weeks. That's how many conversations I've had people who have blown off any sort of technical or operational weaknesses associated with Microsoft BitLocker when using it as an enterprise full disk encryption solution. They're well-documented. I highlighted these issues in my recent whitepaper The Hidden Costs of Microsoft BitLocker as well.I've said it before and I'll continue saying it: I've sung the praises of ...
Continue Reading... -
04 May 2011
From culture to products to malware to breaches – where do you stand?
Here are some new opinion pieces on information security management that I wrote for Security Technology Executive magazine that you may be interested in:Don’t end up on the wrong side of a data breachFighting the malware fight all over again9 good reasons not to buy information security productsSecurity best practices without question?How's your security culture?Enjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to all of my information security ...
Continue Reading... -
02 Mar 2011
Data breach statistics show that problems still exist
Have you checked out the Chronology of Data Breaches lately?...Very interesting stats on known data breaches. I peruse the site through every now and then and it seems that every time I do there's an organization that 1) I've done business with (for personal stuff) or 2) as in the case of MicroBilt Corporation's breach posted last week they're right down the road from me.Does the six degrees of separation ...
Continue Reading... -
02 Mar 2011
The real numbers behind lost laptops
Here's a recent piece I wrote for my friends at SearchCompliance.com regarding the lost laptop problem and what it's costing businesses:The Billion Dollar Lost Laptop – What’s it costing your business?I've seen some naysayers out there stating that there's no way a lost laptop could match up to Ponemon's figures. I say why find out!? Whatever the cost, the solutions for laptop security are simple once the choice is made ...
Continue Reading... -
08 Feb 2011
Findings from the Fort Hood shooting underscores today’s incident response reality
You may have heard about this in the news over the weekend: apparently the Army psychiatrist turned Islamic extremist who killed 13 people at Fort Hood in November 2009 could've been prevented had the FBI and Army been communicating with one another.Sadly the same poor communication exists in the corporate world. Along the same lines of this incident, based on what I see in my security assessments I can confidently ...
Continue Reading... -
25 Aug 2010
500 million and counting…
I just received a press release from Beth Givens at the Privacy Rights Clearinghouse stating "500 Million Sensitive Records Breached Since 2005". 500 million+ known records that have been compromised in 5.5 years in the U.S. alone due to people in organizations large and small making poor choices about information security and privacy! Simply amazing.If you haven't seen the Chronology of Data Breaches, check it out. It's fascinating. The problem ...
Continue Reading... -
01 Dec 2009
Funny thing about notices of privacy practices
I just received a "notice of insurance information practices" from my health insurance provider that says something to the effect of:"ALL INFORMATION CONFIDENTIAL. We're required by law to keep your information confidential. It will be seen only by our employees and authorized business associates."Really? Pretty gutsy statement from any business but especially one who's already been listed on the Chronology of Data Breaches....
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
