• 03 Jan 2012

    Damballa’s Fight Against Advanced Malware

    Malware being out of sight and out of mind often creates the perception that risks aren't present. Just because there’s no perceived risk doesn’t mean it’s not there. Heads buried in the sand over the real malware threat lead to breaches that most organizations aren't prepared to handle. Having worked on a project involving an APT infection, I’ve seen first-hand how ugly this stuff can get. Endpoint protection isn’t enough. Analyzing ...

  • 07 Dec 2011

    Join me live online today with TechTarget & ISACA

    Today is our live virtual seminar Making the Case for the Cloud: The Next Steps. Join me, Urs Fischer, Dave Shackleford, Andrew Baer and Diana Kelley to hear about various aspects of cloud computing you may not have thought about. Starting at 11:15am ET, I'll be presenting on Incident Response in Cloud Computing. I'll talk about common incident response weaknesses I see in my work, questions you must ask your cloud ...

  • 06 Dec 2011

    School staff members and porn – Why you should care

    Here's an interesting read on government employees trying to make an extra buck by serving up pornography on their high school-issued computers. What a lovely story. Don't think this kind of behavior is random. I've seen this very thing at the university level during a security assessment I did early on in my information security consulting venture. You see, one thing I do during my internal security assessments is connect a network ...

  • 01 Dec 2011

    You’re in charge of your own crisis

    Whether or not you - or your management - believe you'll suffer a security incident, it certainly pays to be prepared. Odds are that something is going to occur. Does your business have a solid incident response plan? What about a communications plan? Is an executive or business PR representative going to say "Um, well, uh you know - we got hacked and stuff..." to the eager media or are they ...

  • 27 Nov 2011

    Don’t get mired striving for perfection

    As we wind down 2011, here's a quote that relates to information security, incident response and overall risk management: “The person who insists upon seeing with perfect clearness before he or she decides, never decides.” -Henri Frederic Amiel. So, do something to better your information security program. Any positive step forward - anything - is much better than getting mired in the desire for perfection and doing nothing at all....

  • 14 Nov 2011

    For incidents, preparation is key…But you’ve been hacked, now what?

    Here are some new pieces I've written for TechTarget and Security Technology Executive magazine on compliance that you may be interested in: Preparing for an incident at the workstation level; Develop a Flight Plan; How to know if your website has been hacked. As always, be sure to check out www.principlelogic.com/resources.html for links to all of my information security whitepapers, podcasts, webcasts, books and more....

  • 15 Sep 2011

    Your organization vs. BP: what will faulty decisions lead to in your business?

    Imagine a scenario where poor management, failure to take appropriate action, personnel changes and miscommunication about who's responsible for what lead to a catastrophic event at your business. That's exactly what the findings were of the BP oil spill. Sadly, 11 people died because of this incident. Luckily, our line of work isn't quite so risky but your business can still get in a bind when information security is mismanaged. Here's a ...

  • 12 Sep 2011

    Microsoft Exchange Data Retention, Incident Response & Other Gotchas

    Depending on where you're at with your Exchange "maturity model", here are a few pieces I've written for SearchExchange.com about Microsoft Exchange security oversights, policies and plans to help you along the way: How to write an effective data retention policy for Exchange; Solidify Your Exchange Server Incident Response Plan; Common Exchange Security Oversights. Enjoy! As always, be sure to check out www.principlelogic.com/resources.html for links to my additional information security articles, whitepapers, podcasts, webcasts, books ...

  • 25 Jun 2011

    Exchange incident response, ASLR & common Windows security mistakes

    From Exchange to Windows Server to Windows at the desktop, here are some new pieces I've written about Microsoft security that you may be interested in: Six commonly overlooked Exchange security vulnerabilities; Solidify Your Exchange Server Incident Response Plan; 10 most common security mistakes people are still making; Why you need address space layout randomization in Windows Server 2008 R2. Enjoy! As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, ...

  • 21 Apr 2011

    Amazon’s cloud outage – does it change your perception of the cloud?

    Everyone (okay, many; especially the vendor marketing types) keeps swearing by the "cloud"...and then Amazon's EC2 goes down today. How does that affect how you view the cloud? I've been a skeptic and I'm still a skeptic...beware the cloud bandwagon....
