Kevin Beaver's Security Blog

Children’s Hospital Los Angeles breach reminds us that HIPAA means nothing if you ignore its requirements

Back in 2007 I wrote a blog post on what's it going to take to encrypt laptop hard drives. After seeing this recent story about Children's Hospital Los Angeles, I can't help but shake my head.The 0 comments on this article says a lot as society is becoming immune to these breaches...I think I've heard it called breach fatigue - it's not unlike presidential politics as of late! In 2007, these ...

You can’t buy security for $1, but some people will fall for it

I recently deposited a check at a giant monster mega bank that's continually trying to sell me new services and the teller asked: "Would you like to buy identity theft protection for just $1 today?"Wow, really...so you're saying my personal information will be safe and secure for a mere $1...!? Amazing...but no thanks. Sadly, many in management are like the average consumer: they just don't realize what it takes to ...

With all the recent hype and hoopla over Windows 8 and Server 2012, I thought I'd throw in my two cents into the Microsoft analysis arena...here are some recent pieces I've written that you may be interested in:Thoughts and considerations around the forthcoming System Center 2012 Configuration ManagerWhy the simple Windows 8 Metro interface may not benefit usersMicrosoft Security Compliance Manager enhances desktop securityA first look at Microsoft Office 15 ...

BitLocker, Passware…heads in sand everywhere!

Three times in the past three weeks. That's how many conversations I've had people who have blown off any sort of technical or operational weaknesses associated with Microsoft BitLocker when using it as an enterprise full disk encryption solution. They're well-documented. I highlighted these issues in my recent whitepaper The Hidden Costs of Microsoft BitLocker as well.I've said it before and I'll continue saying it: I've sung the praises of ...

My new paper on BitLocker’s hidden costs

I've been a fan of Microsoft BitLocker since it first came out. It provides a cheap and easy way for users to lock down their laptops and mobile storage devices and is especially helpful in small businesses where security knowledge is scarce at best. Although BitLocker protection can be bypassed, it's still better than nothing - like WEP for wireless networks.Anyway, if you're considering BitLocker as your disk encryption solution, ...

Steve Jobs’ ridiculous iTunes interface

I just spent 6.5 minutes cracking a family member's laptop password in order to demonstrate the dangers of not having whole disk encryption. I then went on to spend 20 minutes+ of my life trying to sync some new music to an iPod Touch with the unbelievably difficult iTunes interface.... After investing a lot of time (that I'll never get back, mind you) I still didn't get the music synced. ...

Tidbits on enterprise mobile security

Here are some recent pieces I wrote for SearchEnterpriseDesktop.com on the subject of mobile security that you may be interested in:Securing the new desktop: enterprise mobile devicesSecurity tools that can boost Windows Mobile and Windows Phone 7 securityWhole disk encryption gotchas to look out forEnjoy!As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, whitepapers, podcasts, webcasts and more....

Coffee shop laptop thefts in Atlanta a good reminder

Here's a good reason why you need to remind your employees of the risks of using laptops in coffee shops and other public places. Once the thief has it, it's all over...unless of course a brave (stupid?) coffee shop employee comes to your rescue.A good rule of thumb is if you're setting up shop for a while then use a laptop lock to secure the system to the table. Most ...

The real numbers behind lost laptops

Here's a recent piece I wrote for my friends at SearchCompliance.com regarding the lost laptop problem and what it's costing businesses:The Billion Dollar Lost Laptop – What’s it costing your business?I've seen some naysayers out there stating that there's no way a lost laptop could match up to Ponemon's figures. I say why find out!? Whatever the cost, the solutions for laptop security are simple once the choice is made ...

More on the Ponemon Lost Laptop Survey

Here's a short piece where I was quoted by Rod Scher in Processor magazine (a very good trade rag by the way) on the Ponemon Institute's Billion Dollar Lost Laptop study.Not only are the numbers astounding, this is a big problem that's growing every day - crying out for our attention....