• 31 Jan 2012

    Where’s your information security focus?

    You cannot change facts (i.e. the industry your business is in, the regulations it's up against, the type of sensitive information you're responsible for managing, etc.) but you can change problems (i.e. user behavior, wayward goals, management not on board with security, etc.). As the philosopher James Burnham once said: "If there is no alternative, there is no problem." In the case of information security, there are tons of alternatives to ...

  • 27 Jan 2012

    You cannot multiply security by dividing it – Infosec’s relationship with Socialism

    I'm not much into urban legends and the like, but I came across this bit the other day and it really made me think. What a great analogy that impacts all of us both personally and professionally, with some interesting information security and compliance tie-ins that I see all the time: An economics professor at a local college made a statement that he had never failed a single student before, but had ...

  • 26 Jan 2012

    Evanta CISO event and why St. Jude’s has it right

    This week I had the opportunity and privilege to serve as a panelist on mobile security at the Evanta CISO Executive Summit in Atlanta. What a neat event...it wasn't just another infosec show. It was unique in its focus and well run by Corrine Buchanan and Mitch Evans who always seemed to have a smile on their faces - something we don't see enough of at these types of shows. ...

  • 25 Jan 2012

    Complacency, meet APT – How basic oversights lead to complex malware infections

    Low-hanging fruit – that is, the missing patches, default passwords, lack of full disk encryption and so on present in practically every environment – is something I’ve ranted about time and again because there’s no reason to have it on your network. Why? Well, for one thing, rogue insiders may just exploit it for ill-gotten gains. But even worse, low-hanging fruit can be the target of malware exploitations that you’re ...

  • 23 Jan 2012

    Are your high-tech devices enslaving you?

    The late Richard Carlson, author of Don't Sweat the Small Stuff, said: "It's important to see when your high-tech communication devices actually limit your freedom, enslaving you instead of providing new opportunities for growth." Wow... How true that is! Have you ever tried to not look at your emails or answer phone calls when you're out and about with your family or taking some time to yourself? It's pretty darned difficult but it can ...

  • 20 Jan 2012

    My articles & webcasts on hacking, incident response, compliance & IAM

    I wanted to share with you a few new pieces I've written for TechTarget and Cygnus on incident response, compliance for systems integrators and the not-so-sexy but all-too-important technology, identity and access management: "The importance of incident response plans in disaster recovery", "Regulatory compliance requirements for security solutions providers" and "Identity Management’s great bang for the buck". Also, here are some webcasts I recorded for TechTarget, Information Week/Dark Reading and SecurityInfoWatch.com that you may be ...

  • 20 Jan 2012

    Executives could learn a lot from Supernanny

    We all have a lot to learn from Jo Frost, the Supernanny. In particular, when it comes to information security, IT management, employee computer usage and so on, business executives could benefit a ton. Here's how it'd go: Create a set of rules. Enforce your darned rules! ...

  • 20 Jan 2012

    The role of IT in fighting today’s malware

    It seems ever since I wrote my paper The Malware Threat Businesses are Ignoring and How Damballa Failsafe Fits In I’m seeing more and more vendors jump on the bandwagon. Today’s malware impacts everything from the network infrastructure to the endpoint and everyone wants a piece of the pie. I know the market is growing so I can’t blame people for wanting to capitalize on the opportunity. Vendors aside, what is ...

  • 19 Jan 2012

    My interview in Hackin9 magazine

    If you subscribe to Hackin9 magazine, check out this issue where they feature an interview with me about how the information security landscape has changed over the past decade, how you can get started in information security, my take on compliance and more. If you don't subscribe to Hackin9, it's a great trade rag for technical security pros and (especially?) non-technical IT, security and compliance pros... Putting the occasional typographical errors aside, ...

  • 19 Jan 2012

    Quoted in today’s SC Magazine feature story on Symantec

    Stephen Lawton wrote today's SC Magazine feature news story on the Symantec source code breach, in which I'm quoted. I provided these quotes late last night, and it was interesting timing because I was speaking at a local university's AITP chapter yesterday evening and I told my audience that no one is immune from hacking - not even IT and security pros... and obviously not information security companies. It's a crazy world out there. ...
