Kevin Beaver's Security Blog

Aiming for the CISSP? Check out this book.

I recently completed the technical edits for the new book CISSP For Dummies, 4th edition. It's a great book (not because of my contribution!) that I wish I would've had when I was studying for my CISSP test back in 2001. If you're prepping for the CISSP exam or just want to brush up on the fundamental concepts of information security, this book is a must-have. Just keep in mind ...

Pressure washer v. university data center…guess who wins?

Oops, Georgia State University forgot to check their data center for leaks. Okay, I'm not going to pick on my friends at GSU. In their defense you cannot - in any way, shape, form or fashion - predict or plan for every possible disaster recovery/business continuity scenario or outcome. But a threat exploiting a weakness that knocks phones and Internet access out for five hours, this is a great example. ...

This week’s webcast on common sense security

Join me and Phil Owens of GFI tomorrow (Wednesday July 24, 2012) as we wax poetic about what it really takes to have a reasonable layered security defense against malware:Defense in Depth: The Layered Approach to IT Security Crashed systems, data theft, decreased productivity, revenue loss, reputation loss – today’s malware threats can cause critical damage to your business. IT professionals, now more than ever, need a method of in-depth protection ...

Interesting quote on human psyche that relates to infosec

I just saw the following quote from publisher Malcolm Forbes that underscores the very essence of the problems we see in information security, business and life in general:"Too many people overvalue what they are not and undervalue what they are."Indeed, so many people want to control or break down (they're one in the same) others because their own lives are out of control. They simply don't believe in themselves. Like ...

With all the recent hype and hoopla over Windows 8 and Server 2012, I thought I'd throw in my two cents into the Microsoft analysis arena...here are some recent pieces I've written that you may be interested in:Thoughts and considerations around the forthcoming System Center 2012 Configuration ManagerWhy the simple Windows 8 Metro interface may not benefit usersMicrosoft Security Compliance Manager enhances desktop securityA first look at Microsoft Office 15 ...

What NTOSpider offers the appsec world

I feel like I've said it a million times: you cannot rely on just one Web vulnerability scanner. There are simply too many vendors doing too many checks across too many websites and applications. The complexity of what needs to be tested is enormous not to mention the quality of the Web vulnerability scanners on the market (tip: you get what you pay for). Well, NTObjectives' NTOSpider is a perfect ...

Want to know the traits of top infosec leaders?

Join me in 24 hours for my webinar with EC-Council (the folks behind the CEH, Certified Ethical Hacker, certification) titled Four Traits of Successful Information Security Leaders.I'll share with you my experiences and mistakes as an information security leader as well some observations I've made of those at the top of their game over the past 11 years I've spent working for myself. There will be a Q&A at the ...

The security conversation is not a one-time deal

...

Focus on yourself and reap the rewards in IT & infosec

If you're in to big-picture IT and information security stuff like, say, your career and focusing on what matters, here are some new bits I've written for TechTarget and Security Technology Executive magazine that you may be interested in:Five habits of highly-successful IT prosSocial networking strategies to further your IT careerFive ways to advance your Windows careerUnderstanding management gets your IT department what it needsRSA's look at the big pictureEnjoy! ...

The weakness of vulnerability scans that people (sadly) ignore

Those of us who live and breathe information security on a daily basis understand that vulnerability scans are only part of the information security assessment equation. We can't live without them but as I've outlined here we by all means cannot rely on them completely.I was just speaking with a colleague about this and came up with an analogy for our overdependence on external vulnerability scans in the name of ...