Jazz Airlines (subsidiary of Air Canada) has removed life vests from their airplanes in the name of saving weight and fuel. So, increase the risk of your passengers at whatever cost...?? I'm sure the savings of 83 pounds per flight should more than outweigh any risk. Sounds like the typical risk management decisions being made in all too many businesses out there. I suspect we'll start seeing this kind of nonsense ...
...or mismanagement if you will: The first quote relates to management's responsibility and using wisely their power of choice when it comes to doing poorly on a security assessment, failing an audit, experiencing a security breach, and falling out of compliance: "Failure to hit the bullseye is never the fault of the target." - Gilbert Arland. The second one relates to management not supporting information initiatives year after year and then, once a ...
OK - I finally got the links to my latest material. Here are some articles about getting management on board with security (one of the hardest things we face), controlling unstructured information, Web apps, storage, and more that you may be interested in checking out:
Making the Business Case for Information Security
Document Security - Protecting sensitive information both inside and outside of the firewall
7 Essentials for Selecting ...
I'm writing an article series that includes some information about PCI DSS. In my research, I noticed something interesting - almost comical - about Requirement 12.7: Screen potential employees to minimize the risk of attacks from internal sources. For those employees such as store cashiers who only have access to one card number at a time when facilitating a transaction, this requirement is a recommendation only. So, "access to one card number ...
I spoke recently for a group of technically-savvy accountants. Out of the 120 or so people in the audience, 2 raised their hands when I asked if anyone was aware of the impending FACTA requirements for identity theft protection measures for financial institutions. Two people, folks! OUCH. Sign of the times in information security I suppose...
I was watching my favorite TV channel yesterday (SPEED) and heard well-known racer Tommy Kendall say something that struck a chord. He was actually quoting Carlos Ghosn, head of Renault, who said: "There's no such thing as good management with bad results." I immediately thought, hey, this ties into what I do for a living. Many, many people believe they have information security under control yet time and time again they come up ...
Here's an interesting quote I just came across that fits nicely into the mold of security policy management and enforcement: "The test for determining the scope of this provision must not be subject to manipulation by those whose power it is designed to restrain." - from the Supreme Court's decision restoring the writ of habeas corpus...
I just came across this quote which really stood out as a concise analogy of information security policies in most organizations: "The United States is a nation of laws: badly written and randomly enforced." - Frank Zappa. And people wonder why they still have security problems...
Telecommute! The politicians want us to burn more ethanol in our cars but it's a terrible idea. Ethanol not only burns 29% more fuel than it creates, using fossil fuels to create ethanol adds even more carbon dioxide to the atmosphere. Check out these very interesting facts about ethanol we don't hear about in the news. Anyway...back to working from home. I know, I know, many managers don't believe in telecommuting. They ...
In fact, the threats and vulnerabilities we're up against don't discriminate. Size doesn't matter. Here's a good read on this if you're trying to find some ammo to get management on your side and show that security affects all businesses - large and small. Here's another story about how credit card thieves are targeting small businesses. Oh, one more thing - one of the greatest bits of ammo is the Privacy Rights ...