Remember way back in April of 2005 when the HIPAA Security Rule went into effect? Well apparently some healthcare providers didn't get the memo. Big blow to Health Net. So, no reasonable security controls to meet the HIPAA requirements, much less no encryption of mobile storage devices? Seriously people: what is it going to take to encrypt mobile drives!!?? I'm not a fan of BitLocker in the enterprise and not sure how ...

Continue Reading...

I subscribe to Merriam-Webster's "Word of the Day" and saw today's word is rectify. Here's the example sentence they used: "The night before the Web site was to go live, the programmers worked frantically to rectify several unresolved security problems." Too funny! ...and sadly, all too common. Hey, at least they were working to fix the security issues before it went live! ;-) ...

Continue Reading...

Over the past few days Twitter, security blogs, and news columns have been going crazy with the newly-discovered SSL/TLS flaw. Man, you'd think it's the next WEP exploit discovery. The security sky is falling...we must retreat. Seriously, is this thing a big deal? Not in my opinion - at least not in all but 99.9% of any given situation. But what do I know? I'm just the security guy that sees ...

Continue Reading...

In this recent SearchCIO.com bit, the executive director of the Disaster Recovery Institute International says that disaster recovery is dead. He goes on to say that "disaster recovery (DR) and business continuity have become synonymous" and (here's the kicker) "We don't do recovery anymore, because what everybody wants is continuous operations...We have auto failover now. We have redundancy in data. We do have more continuity. And that is because recovery ...

Continue Reading...

I never thought I could be so productive. This week I've had less pressure to deliver. I've been able to turn "things" off. All while I'm attending a conference when I usually get even more behind. Well you see, my email isn't working. My email security "application service provider", I mean "managed service", dang it, actually my "cloud computing" provider delivering "software as a service" has apparently decided to take ...

Continue Reading...

You may recall my appearance on CNN television earlier this year when a hard drive went missing from the National Archives and Records Administration. Well, apparently some lessons don't sink in. This time around the National Archives folks sent an unsecured hard drive containing personal info on 70 million+ veterans to a vendor for "repair and recycling" (huh?). Apparently an employee subverted a policy then had to go on leave ...

Continue Reading...

If you can, check out today's Wall Street Journal - page A20. I talk about sensitive information being mismanaged on mobile devices. You may already know how I feel about mobile security...what's it going to take to fix this issue? ...

Continue Reading...

A while back I wrote about the importance of patching third-party software on your enterprise desktops. Apparently third-party applications are still out of the security loop. It's a seemingly small problem but it can have pretty big consequences. ...

Continue Reading...

The word 'accident' is one of those pet peeves of mine. We see and hear about car crashes, parking deck collapses, spilled milk on the kitchen floor, whatever...they're all "accidents" people say. Well I'm calling b.s. on the "accident" excuse. If you look at every single "accident" scenario there is always a set of choices and behaviors leading up to it. Guaranteed. So, when I saw this IDC/RSA report that claims ...

Continue Reading...

Here's a bit on the recent indictment of a Florida man known as the soupnazi (man, I miss Seinfeld) and two Russians for the data breaches of Heartland, Hannaford, and many others. Facing 20 years and a $250,000+ fine and he still has other cases pending! The funny thing is that he's a former informant to the U.S. Secret Service! Lesson to be learned: test your systems for security vulnerabilities before the ...

Continue Reading...