• 01 Aug 2008

    U.S. randomly confiscating laptops of international travelers

    Yet another reason to encrypt your hard drive... This isn't entirely new but apparently is being brought up again. I just saw on Fox News that international travelers are going to have their laptops randomly confiscated without cause. I presume that's when they're coming back in via U.S. airports. Want my laptop, U.S. Customs? Go for it! You're not going to get a bleepity thing off of it... All in the name of "fighting ...

  • 23 Jul 2008

    $25 billion for information security gaffes?

    What if the government could come running to protect us every time we or one of our colleagues made a bad security decision - intentional or not? Imagine:
      • setting an Allow All rule in your firewall
      • making all of your databases accessible via the Internet
      • revoking any and all password policies
      • never testing your systems for vulnerabilities
    ...or, avoiding data backups because, well, you just can...

    Everything we do in life - every choice we make has ...

  • 23 Jul 2008

    Got a kick out of this “Worry-Free Online Ordering” policy

    I just stumbled across this "worry-free" policy located on an e-commerce site. Very cute... yet sad that a lot of people think SSL and "trust seals" are all that's needed to secure sensitive information in Web apps.

    *** Your information is safe with us. SOME~ONLINE~STORE ensures your safety and security by employing the highest level internet security system available. All information you provide us via this web site is encrypted using an SSL ...

  • 18 Jul 2008

    Crack the darn password!

    Here's an interesting story about a network admin working for the city of San Francisco who's refusing to give up a password. If he won't give it up, then why not just crack it? It's probably a shared password anyway, quite possibly stored/used somewhere else on his computer. There are TONS of password cracking tools out there by Elcomsoft and others. This could be an easy task. Our government at work......

  • 14 Jul 2008

    Can you imagine a 4-day work week?

    The state of Utah is calling for businesses to adopt a 4-day work week. Not a bad idea. *IF* something like this were put in place, employers would save on operational costs and employees can save on gas. And morale goes up too. A win-win. But can you imagine those controlling and ignorant managers!?....Woooweee. What would THEY DO if their employees were allowed to work from home...Control - it's a ...

  • 08 Jul 2008

    Interesting stats from Information Security Breaches Survey 2008

    First of all, for those of you reading this in the U.S., welcome back from the 4th of July holiday!

    I just came across some statistics in the U.K.-based Information Security Breaches Survey 2008 that provide some insight and clarity into why we still (and always will) have security breaches:
      • 98% of respondents scan for spyware... 55% have a documented security policy.
      • 97% filter for spam... 40% provide security awareness training.
      • Only 6% have suffered a ...

  • 02 Jul 2008

    Funny view of ridiculously insecure Web apps

    My colleague Mike Rothman has a great post at SecurityIncite about Web application security and the "beta" mindset. I couldn't agree more.... Just slap a beta tag on everything like Google does and you're off the hook!...

  • 01 Jul 2008

    Getting the IT blues because of gas prices…watch this.

    So many of us here in the U.S. are being affected - both personally and professionally - by these outrageous gas prices we have.... I'm seeing stories about IT job losses and IT budget cuts in the name of ridiculous fuel costs. This is especially true when you have ignorant and controlling managers who won't let you telecommute. Heck, I'm cutting back on the number of networking events and lunch meetings ...

  • 27 Jun 2008

    What does “qualified third party” mean in PCI 6.6?

    There's been a lot of hoopla surrounding the PCI DSS requirement 6.6 compliance next week. Even with all the noise, there is some good news for both covered entities and independent security professionals such as yours truly. In the PCI DSS requirement 6.6 Information Supplement document, the first sentence at the top of page 3 states "Manual reviews/assessments may be performed by a qualified internal resource or a qualified third ...

  • 26 Jun 2008

    Does FACTA really exist? Send up a Red Flag!

    I spoke recently for a group of technically-savvy accountants. Out of the 120 or so people in the audience, 2 raised their hands when I asked if anyone was aware of the impending FACTA requirements for identity theft protection measures for financial institutions. Two people, folks! OUCH. Sign of the times in information security I suppose......
