I just read this Dilbert comic strip the other day on my Dilbert desktop calendar from a few months back (I'm running behind), and Mike Rothman has a good post about it here. It explains why we have so many security problems. Security best practices, anyone??...

Apparently the new changes in PCI DSS v1.2 (due out in October) are going to require more robust wireless security. As if no new WEP implementations after March 2009 and none at all after June 2010 weren't enough... Wireless must now be "implemented according to industry best practices (e.g., IEEE 802.1x) using strong encryption for authentication and transmission". Yeah right!! So people using WEP not only have to upgrade their hardware but ...

In watching the clips from Obama's Adult American Idol speech last night (I couldn't bear to watch it all live) I was reminded of previous bosses I've had and other people I've seen regarding their "support" of information security: Posturing and pandering and spouting out whatever makes people feel good is very, very easy. Just like certain people are good at manipulating others negatively for their own gains, anyone (Obama, McCain, your ...

Jazz Airlines (a subsidiary of Air Canada) has removed life vests from their airplanes in the name of saving weight and fuel. So, increase the risk to your passengers at whatever cost...?? I'm sure the savings of 83 pounds per flight should more than outweigh any risk. Sounds like the typical risk management decisions being made in all too many businesses out there. I suspect we'll start seeing this kind of nonsense ...

I was just perusing the latest Programmer's Paradise catalog. The catalog is chock full of developer tools - everything you need for application lifecycle management. Well, almost. Their Security section of products made me laugh. I was expecting to see products like DevInspect, Ounce 6, and Fortify 360. But no, what's in there is what all too many developers still see as "security": Reflex Security's VSA Firewall, GFI EndPointSecurity, PGP ...

Does HIPAA affect your organization? It probably does somehow, some way, at least indirectly. If not, we're all affected personally. Well, my friend and brilliant colleague, Becky Herold, has kept up with HIPAA-related convictions over the past few years. I'm surprised that only seven convictions have taken place. There's no doubt that more violations have occurred... Interestingly, there's only been one sanction given for noncompliance. Only one healthcare organization out of ...

Here we go again with a "computer glitch" causing a big problem - this time with the FAA's flight plan tracking system. Last time I checked, computers are told what to do... I studied computers at the bit level for way too many years in college to know that PEOPLE cause computer problems. It's easier to blame computers though. They don't argue back. Yet....

When most companies claim Web "security" they tout SSL, like I mentioned here. I've had trouble figuring out why the buck stops there... maybe because they're being written by people in marketing?? Anyway, LinkedIn finally got it right. The security stipulation in their privacy policy goes beyond SSL: In order to secure your personal information, access to your data on LinkedIn is password-protected, and sensitive data (such as credit card information) is protected ...

...or mismanagement if you will: The first quote relates to management's responsibility and using wisely their power of choice when it comes to doing poorly on a security assessment, failing an audit, experiencing a security breach, and falling out of compliance: "Failure to hit the bullseye is never the fault of the target." - Gilbert Arland. The second one relates to management not supporting information initiatives year after year and then, once a ...

I've been harping on this subject for a while. Why don't more managers let their employees telecommute? After all, it helps morale, can boost productivity, and even impresses those who buy in to the religion of "global warming". Then I came across this article citing evidence that apparently more in management are telecommuting themselves... The email I received this in had the headline "Joining the telecommute revolution". Everybody, quick! Jump on the ...