-
17 Sep 2014What if The Home Depot looked to their own store policies for help with infosec?
If The Home Depot's management were as strict with information security as they are with store policies I'm confident they could've avoided their data breach.Have you heard their policy monger guy on their intercom system while shopping?? He sounds like that guy we've seen in those disturbing Allstate commercials. A bit creepy. It's also quite uninviting - certainly doesn't make you feel welcome in their stores.At least they've covered their ...
Continue Reading... -
02 Sep 2014
Bits & pieces on the 2014 Home Depot data breach
The news of the new Home Depot credit card breach combined with me being based in Atlanta as well, I feel compelled to share some links to some of the recent pieces I've written about point-of-sale and retail information security in hopes that a nugget or two might prove beneficial to someone out there...here they are:The Target Breach – Can It Be Prevented?Six endpoint management lessons from POS security breachesSecurity ...
Continue Reading... -
28 Aug 2014
The latest Android / Gmail security flaw & why people don’t take IT & security seriously
You may have heard about the recently-discovered Android exploit that makes Gmail vulnerable to criminal hackers. I read it over and realized that I have to use this opportunity share an example of what I talk about when "researchers" claim that all is bad in the world because of the latest and greatest exploit impacting whatever software or device they've discovered.This Android/Gmail finding in particular is a great example of ...
Continue Reading... -
22 Aug 2014
CISOs, lawyers, awareness training, and other infosec blunders you need to know about
I've been super busy putting my twisted thoughts on paper...here are a few pieces you might enjoy:When your lawyer becomes your CISO The compliance crutch holding up Corporate AmericaThe fallacy of information security awareness and trainingThe one skill worth mastering in ITQuantifying the disconnect between the business and securityThe critical item that’s missing from most IT security programsWhat's your one hot button security item? Top detractors of security oversight The funny ...
Continue Reading... -
30 Apr 2014
Things that impact careers in information security
Here are some recent pieces I've written that can make or break your success in information security:Open your eyes and you’ll see the lightSteering your career as a desktop admin in the mobility ageThe mindset of everyday employees and their impact on securityWhy a CIO's relationship with enterprise IT security is importantBe sure to check out the hundreds of security articles, webcasts, and more I've written/developed over the past 12 ...
Continue Reading... -
22 Apr 2014
6 reasons information security causes global warming
In keeping with the divorce and everything Capitalist or conservative causes "global warming" movement, how about this:Information security causes global warming (or cooling, or whatever it needs to be called today)I really believe we have a "crisis" on our hands and here's why: The need for IT security controls is a negative side-effect of Capitalism - man bettering himself if you will. If we didn't have computers and the Internet, ...
Continue Reading... -
11 Apr 2014
Heartbleed – the biggest Web security problem ever???
I just came across this piece from NewsFactor: Is Heartbleed the Biggest Web Security Threat Ever? and couldn't help but chime in. Contrary to popular hype, I don't think the biggest web security issue we face (now or ever) is a technical problem...instead, it's something with hair on top like I talked about here.As with the hype over the Target breach and the gloom and doom over Windows XP's end ...
Continue Reading... -
09 Apr 2014
Windows XP: Goodbye my love…well, not really.
Windows XP...ah, the memories!I wrote many of my books including the first two editions of Hacking For Dummies and the first edition of The Practical Guide to HIPAA Privacy and Security Compliance originally on Windows XP - not to mention countless articles, security assessment reports and more over a 7-8 year span.It was nice working with you XP!I waited to write this post today, the day after all the Windows ...
Continue Reading... -
25 Mar 2014
68% of workers do this…and we wonder why we have security problems!
I've always believed that information security is a people problem that goes deep into the psychology of how we think. Here's a great example...starting at 0:24:http://johnmaxwellteam.com/industrious/This is the basis for why our so-called leaders rise to power, why there's a gap between the haves and have-nots, and why so many "ailments" afflict society. Many people simply don't believe in themselves and have no desire or motivation to get any better. ...
Continue Reading... -
13 Mar 2014
HIPAA compliance lip service
Here's an example of the lip service (security theater) people give to compliance and information security found on display at one of those giddy-over-regulations retailers:Really, who's certified? How are customers to know what this means?Checkbox checked...all that matters.Good stuff....
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
