• 26 Mar 2010

    What’s the biggest Web vulnerability?

    Here's a new piece I wrote called The Top Web Vulnerability We Face. It's something I suspect will be around for a long, long time. I'm curious if you agree?...

  • 23 Mar 2010

    Users *have* to start locking their screens when working remotely

    To continue on with the message in this previous post about users locking their screens while away from their computers, I'm amazed at how naive people are with their computer usage in public places. I see it practically every time I'm at a coffee shop - someone leaves his/her laptop sitting at the table while he/she goes out to take a phone call, use the restroom, smoke a cigarette, talk with ...

  • 22 Mar 2010

    Our power of choice has been stripped

    No need for us to think any more. Here's a great excerpt from a WSJ piece that underscores the issue: "In our world of infinite wants but finite resources, there are only two ways to allocate any good or service: either through prices and the choices of millions of individuals, or through central government planning and political discretion." You hear me say a lot that those in control of information security have ...

  • 22 Mar 2010

    A sincere “Thanks!”

    Frederic Bastiat once said "When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that justifies it." In the same spirit, I want to send out a sincere and heartfelt Thanks! to all my fellow Americans who voted for "Hope" and "Change" putting a Marxist-loving ...

  • 19 Mar 2010

    All the reasons you need to NOT buy security products

    We've all been subjected to the marketing hype the IT and security product vendors put out daily... Well, if you've been looking for ways to save some money, here's why you should not buy information security products: 9 good reasons not to buy information security products... the marketing madness will never cease. We just have to grow wise and understand what to buy into and what to ignore....

  • 19 Mar 2010

    No need to fix the problem, just ban the tool

    Here's a great post from my colleague Dave Paradi talking about how a conference is banning presenters from using PowerPoint. It's an embedded systems conference. So they're telling these highly-technical people they can't use PowerPoint to get their messages across!? I suspect the audience will instead be subjected to overhead transparencies and slide rule demonstrations. Sounds like a great show! This is just like businesses banning thumb drives and instant messaging ...

  • 11 Mar 2010

    Trouble getting policy buy-in? Make ’em self-executing.

    If you're having trouble getting security policies on the radar of management and users - much less getting the real buy-in you need - don't fret - there is a possible solution. It's an idea I got from Louise Slaughter (good name for a politician) and her attempt to force Obamacare on us. Simply make your policies "self-executing". In other words, you write the policies and include verbiage in each one that ...

  • 23 Feb 2010

    P2P risks, all over again

    It's sad when our government has to warn businesses about their own P2P network security flaws. I wrote about the security considerations with P2P applications seemingly a lifetime ago (2003) for TechTarget in a piece titled Are P2P applications worth the risk? Around this same time I served as a P2P expert on a panel discussion at the American Intellectual Property Law Association's conference in Atlanta where we discussed these same issues. Nothing ...

  • 05 Feb 2010

    My latest information security content

    Here are my latest information security articles covering policies, internal threats and employee monitoring, and (when all else fails) incident response. Enjoy!

        Security policy oversights and mistakes we keep making
        The real deal with internal security threats
        Monitoring user activity with network analyzers
        Lack of incident response plan leaves hole in compliance strategy
        Incident response – the often overlooked component of business continuity

    As always, be sure to check out www.principlelogic.com/resources.html for all of my information ...

  • 02 Feb 2010

    What part of No Truck Crossing do you not understand?

    Check out this wild video of a train crash yesterday. It's a great example of the fact that just because you have a policy (i.e. the no truck crossing sign) doesn't mean that people will abide by it (i.e. the dummy driver who probably thought "Aw, I can make this."). Some people just believe that they are exempt from certain things. Keep this in mind for your information security matters... you can't save ...
