
Kevin Beaver's Security Blog

  • 04 Jun 2014

    More Web security vulnerability assessment, audit, and pen testing resources

    I've been busy in the world of Web security testing - both with work and with writing. Check out these new pieces on the subject. I suspect I'll tick off a "researcher" or two given my business angle and 80/20 Rule-approach of focusing on the most problematic areas of Web security... Still, I hope that these are beneficial to you and what you're trying to accomplish in your organization: Key Web ...

  • 13 Mar 2014

    HIPAA compliance lip service

    Here's an example of the lip service (security theater) people give to compliance and information security found on display at one of those giddy-over-regulations retailers: Really, who's certified? How are customers to know what this means? Checkbox checked...all that matters. Good stuff....

  • 19 Feb 2014

    Step up or step aside, somebody needs to fix your security woes

    I just got off a phone call with some friends/colleagues where we were discussing the latest security trends. After talking it occurred to me that we're basically going backwards in time with information security. It seems with the Target breach, stupid passwords people are still using in 2014, and even today's new SANS-Norse healthcare security report, it just keeps piling up as if nothing works. But it can work - if ...

  • 28 Jan 2014

    My latest security content impacting everyone from CIOs to project managers to those who are “going green”

    I thought you might be interested in these recent information security articles and webcasts I've written and recorded: Information security project considerations for project managers; The information security basics your organization should already know; How VARs can help customers securely discard e-waste; Regulatory compliance requirements for security solutions providers; Keeping resilient; Extending HIPAA Compliance from Electronic Health Records to Document and Data Transmissions; Information Technology and Business Continuity – Filling the gaps to protect your business; Be ...

  • 08 Oct 2013

    Windows 8.1 changes/enhancements, BitLocker’s improvements, and related Windows mobile/security tips

    In addition to my independent information security assessments through my consultancy Principle Logic, I've been writing a ton...including a lot on Windows 8 and 8.1. Check out these new pieces published by my friends at TechTarget: What's old, what's new for the enterprise with Windows 8.1; Understanding why Windows 8 for mobile is perfectly viable for enterprise use; Don’t forget enterprise password protection in a merger or acquisition; Three ways Sysinternals Process Explorer ...

  • 01 Oct 2012

    One-sided information risk management doesn’t work

    ...

  • 10 May 2012

    New video: The things my most secure clients have in common

    ...

  • 22 Mar 2012

    An interesting Microsoft tool to help with data classification

    Have you ever heard of Microsoft's Data Classification Toolkit for Windows Server 2008 R2? Me either. But it may be worth taking a look at. The lack of data classification and proper retention is at the core of many IT risks not to mention legal and compliance issues. You can't secure (or protect, or retain, or dispose of) what you don't acknowledge. If the Data Classification Toolkit is anything like ...

  • 09 Mar 2012

    My upcoming webcast on firewall management

    Join me and AlgoSec's Nimmy Reichenberg next week for a unique discussion on strategies for improving firewall management. We all know it's the elephant in the room... Today's enterprises have firewalls that are so complex and so fragile yet no one's really taking care of them. Any processes that do exist around rule management, rule changes and firewall risk analysis are often manual - and oh so painful. I know, I know, firewalls ...

  • 27 Feb 2012

    Video: Seeing the big picture in information security

    Little has been written about this in the context of information security but it's something you've got to consider in every decision you make:...



© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.