  • 17 Sep 2010

    Are your high-tech devices enslaving you?

    I saw a recent Don't Sweat the Small Stuff calendar quote where Richard Carlson said: "It's important to see when your high-tech communication devices actually limit your freedom, enslaving you instead of providing new opportunities for growth." Wow, how true that is! Ever tried to not look at your emails or answer phone calls when you're out and about with your family or taking some time to yourself? Especially when you're ...

  • 08 Sep 2010

    Security’s not just an executive decision

    I recently came across this quote by Peter Drucker that struck a chord: "Most discussions of decision making assume that only senior executives make decisions or that only senior executives' decisions matter. This is a dangerous mistake." It reminds me of how certain executives decide that information security is something that doesn't affect their business regardless of what others are telling them. I'm sure many of these executives' subordinates are ready and willing ...

  • 08 Sep 2010

    Good rule of thumb for information security

    Thomas Jefferson once said: "Learn to see in another's calamity the ills that you should avoid." If you want to manage information risks and keep your business out of hot water, I can't think of a better principle to work by....

  • 25 Aug 2010

    500 million and counting…

    I just received a press release from Beth Givens at the Privacy Rights Clearinghouse stating "500 Million Sensitive Records Breached Since 2005". 500 million+ known records that have been compromised in 5.5 years in the U.S. alone due to people in organizations large and small making poor choices about information security and privacy! Simply amazing. If you haven't seen the Chronology of Data Breaches, check it out. It's fascinating. The problem ...

  • 24 Aug 2010

    Selling security: To persuade is to succeed

    Okay, so your managers aren't getting security and your users aren't on board either. Security's not looking too good but you know it needs to happen. Just how can you "sell" security to those who matter most? Here's a collection of articles and blog posts I've written that address this very subject:
    How to get - and keep - user support with security
    How to get management on board with Web 2.0 ...

  • 24 Aug 2010

    Relentless incrementalism

    I don't know who coined the term "relentless incrementalism" but it's very fitting when it comes to information security. In the context of what we do, relentless incrementalism means doing small things over time that add up to big outcomes in the long term. All of us - management included - have to understand that security is not a one-time deal. Nor is it a product or a "compliant" status. It's ...

  • 23 Aug 2010

    Panic is not a strategy

    Seriously...it's not. In this new piece I wrote for Security & Technology Design magazine, I talk about the lack of incident response planning being one of, if not the, biggest risk in any given organization...and what you can do about it:
    Incident response: The biggest security gaffe of all?
    If anything, never forget what Captain Chesley Sullenberger said after he landed U.S. Airways flight 1549 into the Hudson River last year: "I didn't have ...

  • 23 Aug 2010

    Common sense counts the most

    A great quote I heard over the weekend has a direct tie-in to what we focus (or don't focus) our efforts on in information security. NASCAR champion Ned Jarrett said: "There's nothing stronger when you're trying to get something done than common sense." I couldn't agree more. In the realm of IT and managing information risks, I'll take common sense over book smarts any day....

  • 12 Aug 2010

    Apple’s iPad – a forensic investigation in the making?

    Here's a new piece I wrote for SearchCompliance.com regarding the realities and risks of iPads in the enterprise:
    Enterprise iPads: Compliance risk or productivity tool?
    Simply put, they're not all that different from other mobile computing devices, but they do bring something unique to the table... Speaking of "i" devices in the enterprise, here's a great read I saw recently in Information Week that outlines a scenario that's at the root of ...

  • 11 Aug 2010

    Great information security quote (don’t believe the hype)

    There's a Japanese proverb that fits nicely into infosec: "If you believe everything you read, perhaps it's better not to read." Be it F.U.D., vendor hype, or "experts" who claim the sky is falling with every new exploit they uncover - you ultimately need to focus on doing what's best in your environment under your terms....
