-
20 Apr 2011Legalese in email footers is useless
Ever get annoyed by those email footers telling you what you can or cannot do with the email you just received? Yeah, me too. Here's an interesting bit from Consumer Reports that talks about how those legal disclaimers in email footers may be legally useless.It's funny, every time I see them (they're in about 60-70% of the non-spam emails I recieve) I think it's yet another representation of the American ...
Continue Reading... -
19 Apr 2011
Coffee shop laptop thefts in Atlanta a good reminder
Here's a good reason why you need to remind your employees of the risks of using laptops in coffee shops and other public places. Once the thief has it, it's all over...unless of course a brave (stupid?) coffee shop employee comes to your rescue.A good rule of thumb is if you're setting up shop for a while then use a laptop lock to secure the system to the table. Most ...
Continue Reading... -
02 Mar 2011
The real numbers behind lost laptops
Here's a recent piece I wrote for my friends at SearchCompliance.com regarding the lost laptop problem and what it's costing businesses:The Billion Dollar Lost Laptop – What’s it costing your business?I've seen some naysayers out there stating that there's no way a lost laptop could match up to Ponemon's figures. I say why find out!? Whatever the cost, the solutions for laptop security are simple once the choice is made ...
Continue Reading... -
17 Feb 2011Are you focusing on the infosec basics where it counts?
Here's a good read from @arstechnica on the HBGary story. It's a fascinating story in and of itself. But the oversights related to information security "best practices" is amazing. What is it going to take to get people to focus on the basics? Seriously, folks...Forget about all the fancy hack attacks and complex exploits for now and fix the low-hanging fruit. It's basic triage - stop the bleeding first. Focus ...
Continue Reading... -
17 Feb 2011
Not surprised by the Wells Fargo ATM outage based on what I see
Here's an interesting story about the widespread Wells Fargo ATM outage that occurred last week. There's speculation around the cause of the outage. Was it a hack? Was the system inadvertently taken down during system upgrades? Who knows...What I can say is that virtually every ATM I've come across in my work performing internal security assessments in/around the financial industry has been riddled with security holes. I've seen weak OS ...
Continue Reading... -
08 Feb 2011
Findings from the Fort Hood shooting underscores today’s incident response reality
You may have heard about this in the news over the weekend: apparently the Army psychiatrist turned Islamic extremist who killed 13 people at Fort Hood in November 2009 could've been prevented had the FBI and Army been communicating with one another.Sadly the same poor communication exists in the corporate world. Along the same lines of this incident, based on what I see in my security assessments I can confidently ...
Continue Reading... -
03 Feb 2011
Don’t just do something, sit there.
Seriously, it's time to kill the #KillSwitch bill that I've written about recently. It's dangerous, it's not what America is about and it's only going to make things worse for our country, our economy and our personal liberty.Here's some more details along what you can do about it today:http://www.downsizedc.org/blog/new-initiative-kill-the-kill-switch-bill...
Continue Reading... -
31 Jan 2011
The Egyptian uprising tie-in with the U.S. Internet kill switch
The people rioting in Egypt against their oppressive government and the subsequent blocking of the Internet is an interesting issue that has a global reach. Foreign policy aside, have you stopped to think about the ramifications of the cybersecurity "kill switch" bills that our measly politicians are trying to force upon us?As I wrote previously, the proposed Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) and Lieberman-Collins-Carper Protecting Cyberspace as ...
Continue Reading... -
31 Jan 2011
It’s hard being human
Cavett Robert once said something about character that resonates within information security - especially regarding ongoing management and leadership. He said:"Character is the ability to carry out a good resolution long after the excitement of the moment has passed." When I saw this I was reminded of how pumped you can get when attending a show like RSA or CSI or how neat certain vendor marketing spiels sound. Another is ...
Continue Reading... -
23 Jan 2011
Cybersecurity schmybersecurity
Here are a couple of #cybersecurity pieces I authored for TechTarget's SearchCompliance.com regarding the proposed Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) and Lieberman-Collins-Carper Protecting Cyberspace as a National Asset Act of 2010 (Senate Bill 3480):Why the Cybersecurity Act is better for government than businessIs the latest cybersecurity bill an Internet takeover by the fed?You know how I am about government growth and its intrusion into the free market. ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
