• 19 Dec 2007

    Firewall Best Practices

    Based on yesterday's post regarding firewall best practices, I thought it made sense to go ahead and post the 'best practices' content here as well. This is straight out of my Firewall Best Practices document I just recently updated: Firewalls are not the end-all, be-all solution to information security. They are, however, a necessary component of an effective network security infrastructure. The following list is a set of reasonable ...

    Continue Reading...
  • 18 Dec 2007

    Firewall change management? Who needs that anyway…

    I recently had someone contact me and ask about the change management item I list in my Firewall Best Practices document. This person's inquiry revolved around them trying to get management to adopt change management practices and the troubles associated with having to properly and realistically explain to management the risks involved of not having good practices. This person wanted to know if I could explain the risks involved when ...

    Continue Reading...
  • 14 Dec 2007

    My articles from this week

    Here are my information security articles from this week that you may be interested in.
      • Beyond Natural Disasters: Business continuity issues you haven't thought of before
      • Find Windows vulnerabilities with a hex editor
      • Why store sensitive data if you don't have to?
    For all of my past content be sure to check out www.principlelogic.com/resources.html. Enjoy!...

    Continue Reading...
  • 14 Dec 2007

    Isn’t this what HIPAA is for?

    I've been hearing a little sound bite on my local radio station of Hillary Clinton saying "I believe everyone -- every man, woman, and child -- should have quality, affordable health care in America. We should do it. We should do it, because, in this new economy, when people move jobs more than ever before, their health insurance should move with them." You can see the transcript on Hillary's Media ...

    Continue Reading...
  • 07 Dec 2007

    My articles from this week

    Here's my one information security article from this week that you may be interested in. For all of my past content be sure to check out www.principlelogic.com/resources.html.
      • The Fallacy of SSL
    Enjoy!...

    Continue Reading...
  • 06 Dec 2007

    Stupid policies are ignored by those with an agenda

    On a similar note regarding my previous post on the Omaha mall incident, apparently the mall has a policy against concealed weapons - and apparently (I haven't confirmed) there's a Nebraska state law backing such policies in private businesses in that state. This event not only shows how vulnerable we really are but it's also a classic case of how stupid policies/laws such as this ONLY apply to law-abiding citizens. In the ...

    Continue Reading...
  • 06 Dec 2007

    When seconds count, how long will it take for you to respond?

    I was listening to Neal Boortz's radio talk show this morning about the tragedy that occurred at the Omaha mall yesterday. A caller brought up the old saying "When seconds count, the police are only minutes away." This made me think about all the organizations out there who don't have an IT-centric incident response plan - or at least don't have one that's adequate enough to respond to real security ...

    Continue Reading...
  • 03 Dec 2007

    My articles from this week

    Here are my recent information security articles you may be interested in. For all of my past content be sure to check out www.principlelogic.com/resources.html.
      • How to get developers to buy into software security
      • Cheap Microsoft licenses for security pros: the Microsoft Action Pack
      • Mobile security: Setting responsible goals
      • Mobile security: Top oversights
    You may need to perform a quick third-party registration to access some of them. Enjoy!...

    Continue Reading...
  • 02 Dec 2007

    An excellent compliance resource you’ve gotta check out

    If compliance is anywhere on your radar (I'm pretty sure that includes all of us!) then you've gotta check out Rebecca Herold's compliance blog and portal called the Realtime Community | IT Compliance. I've known and worked with Becky for years and can vouch for her level of knowledge in the compliance and privacy arenas. The hosting company for this site is Realtime Publishers for whom I've written a book ...

    Continue Reading...
  • 29 Nov 2007

    Don’t expect to get paid for what you have on paper

    Don't fall into the misperception that just because you've earned a college degree (especially one in infosec) or the CISSP certification that money, respect, and a great job will fall right into your lap. I thought this same thing coming out of school, but as I found out, it doesn't work that way in the real world. I hear people often say "I've got to hurry up and finish ...

    Continue Reading...