-
22 Mar 2012Don’t underestimate the value of firewall rulebase analysis
Are firewalls sexy? No...but you must understand that they're an integral part of your overall information risk equation. From configuration flaws to rulebase anomalies to overall system inefficiencies, your firewall rulebases can make or break security, business continuity and other critical parts of your IT operations.Last week, AlgoSec's Nimmy Reichenberg and I recorded a webinar titled How to Automate Firewall Operations, Simplify Compliance Audits and Reduce Risk that you may ...
Continue Reading... -
22 Mar 2012
An interesting Microsoft tool to help with data classification
Have you ever heard of Microsoft's Data Classification Toolkit for Windows Server 2008 R2? Me either. But it may be worth taking a look at. The lack of data classification and proper retention is at the core of many IT risks not to mention legal and compliance issues. You can't secure (or protect, or retain, or dispose of) what you don't acknowledge. If the Data Classification Toolkit is anything like ...
Continue Reading... -
19 Mar 2012
Neat tools to seek out sensitive files on laptops & websites
"Oh yeah, I forgot about all of those files." I've never had a security tool lead to these predictable words regarding sensitive files being stored on unencrypted laptops as much as Identity Finder has. You may have seen Identity Finder in my previous post and related articles and presentations where I've mentioned or demonstrated it. Identity Finder is a commercial product that IT and information security professionals can use to ...
Continue Reading... -
15 Mar 2012
Flaws, compliance and the Cybersecurity Act of 2012
Here are some new pieces I've recently written that you may be interested in...big things in security we need to have on our radar: Six Security Flaws on Your Network Right Now Find the Most Flaws By Balancing Automated Scans with Manual Analysis Compliance is just the beginning New and not-so-new security twists in the Cybersecurity Act of 2012 Enjoy! Be sure to check out www.principlelogic.com/resources.html for links to all ...
Continue Reading... -
14 Mar 2012
My upcoming webcast with Checkmarx: How to Use Source Code Analysis to Improve Information Security
Join me next week, Thursday March 22, for a quick webcast where I'll be co-presenting on the topic of source code analysis and how it can improve your information security over time. I'm convinced that source code analysis is one of the missing links in the overall security process. As I say all the time: you cannot secure what you don't acknowledge. Ignoring security flaws at the source can be ...
Continue Reading... -
14 Mar 2012
My Atlanta CDW/TechTarget seminar
We had a friendly and larger than expected crowd at our event CDW/TechTarget information security seminar yesterday. Thanks to those who came out!My favorite part of these events is learning new ideas from the participants and the other speakers. In this ever-changing world in which we work, it's hard to keep up and there's certainly no way to know it all. Every little nugget helps. Looking forward to an even ...
Continue Reading... -
09 Mar 2012
My upcoming webcast on firewall management
Join me and AlgoSec's Nimmy Reichenberg next week for a unique discussion on strategies for improving firewall management.We all know it's the elephant in the room...Today's enterprises have firewalls that are so complex and so fragile yet no one's really taking care of them. Any processes that do exist around rule management, rule changes and firewall risk analysis are often manual - and oh so painful.I know, I know, firewalls ...
Continue Reading... -
01 Mar 2012
My final takeaway from #RSAC
I said my farewell to the RSA Conference Tuesday evening but had some final thoughts about the show that I wanted to share with you.In addition to the keynotes I talked about, I attended a mock trial session involving malware, a digital certificate acquired for ill-gotten gains, and a healthcare company that ignored all things HIPAA (heard that a million times!) as well as a session by HP's Jacob West ...
Continue Reading... -
28 Feb 2012
Video: #RSAC 2012 is off and running
I'm live at the RSA Conference and here are my thoughts on the first two keynotes along with why you need to come to this show....
Continue Reading... -
27 Feb 2012
Live from #RSAC: Cloud computing’s got some kinks (but you knew that)
I'm attending the RSA Conference this week and just sat through a panel discussion on cross-jurisdictional issues in the cloud. It was part of the Cloud Security Alliance Summit 2012.Here's what I heard: there are tons of considerations around the management, access and even the e-discovery personal data in the cloud...lots of variables and just as many things still up in the air. I'm convinced that being an information privacy ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
