-
11 Oct 2010Got compliance? Here are some tips for moving ahead.
Tired of "compliance"? Me too. But, it's still one of those necessary (arguably sometimes unnecessary) evils we must deal with in business today.Here are some new pieces I've written for the fine folks at SearchCompliance.com that will hopefully be of some benefit to you and your business.:Priorities for your sound regulatory compliance management policyPut compliance management back into server virtualizationAchieving compliance is about more than secure data encryptionWhat compliance professionals ...
Continue Reading... -
06 Oct 2010
911, what’s your emergency?
There's a saying when seconds count the police are only minutes away. Maybe yes, maybe no - and like I just experienced, sometimes they may not care at all. Let me explain...Have you ever been driving down the road and witnessed someone driving completely erratically to the point where you think "WOW, that person is going to cause a wreck, soon." Well, I was out for a leisurely drive in ...
Continue Reading... -
04 Oct 2010
Beware of the oversights w/default policies in Web vuln scanners
I just ran some Web vulnerability scans against an app I'm testing using a couple of default/benign scan policies. Nothing big turned up. I re-ran the scan using a full scan policy that checks for everything and the new MS10-070 ASP.NET padding oracle vulnerability reared its ugly head...BIG difference in the outcome.Keep this in mind when checking for Web security flaws with your automated scanners and never ever completely rely ...
Continue Reading... -
30 Sep 2010
Elcomsoft’s new Phone Password Breaker now supports the BlackBerry
Elcomsoft's neat iPhone Password Breaker tool that can crack iPhone backup passwords just got 100% better. Now it's called Phone Password Breaker and supports BlackBerry backups. Nice.Combine such a tool with all the open shares and unstructured data scattered about the average network and you've got a pretty serious problem on your hands. That is unless you're using the tool in a security assessment and demonstrating the continued risks smartphones ...
Continue Reading... -
28 Sep 2010
In the unlikely event you experience a security breach…
If you've experienced a data breach - or if you're into thinking long term - want to plan ahead in the event one does occur, here's an Entrepreneur Magazine bit from a PR specialist on how to handle a crisis.It doesn't have to be difficult but you can pretty much bet it will be if you don't have a plan. For further reading, here are some pieces I've written about ...
Continue Reading... -
28 Sep 2010
Don’t believe the hype
In this piece, fellow SearchEnterpriseDesktop.com writer Mike Nelson does a good job railing against vendor FUD. His content ties right into my thoughts on all the IT and security marketing fluff we're exposed to. It's nuts.If you do anything, educate yourself on the basics before going in - before you buy any product or service...With Google, Bing, and all the good resources out there it's relatively simple to learn the ...
Continue Reading... -
28 Sep 2010
Cybersecurity Act of 2009 – It’s great for government growth!
You may already know how I feel about our out of control government. Well here's a new piece I wrote about the Cybersecurity Act of 2009 - legislation that'll make your head spin.Why the Cybersecurity Act is better for government than businessIn subsequent edits to this article I had added some material on the new Lieberman-Carper-Collins legislation Protecting Cyberspace as a National Asset Act of 2010 (a.k.a. Senate Bill 3480) ...
Continue Reading... -
28 Sep 2010
New Windows identity & access management resources
Here are some new pieces I wrote for SearchWindowsServer.com on Windows IAM - pros, cons, and considerations:Are identity and access management payoffs worth the fuss?The compliance benefits of Windows identity and access managementSix ways to improve identity and access management (IAM) for WindowsFinding the value in Microsoft Forefront Identity Manager 2010Enjoy!...
Continue Reading... -
27 Sep 2010
Got VoIP? Better make sure it’s secure.
Given that VoIP has been around for more than 10 years, it's hard to find a business where's it's not running in some capacity. I do find it interesting how many network managers aren't too concerned about the security of VoIP. People say things like "It's on the inside of the network", "It's running on a separate VLAN", and "We're PCI and HIPAA compliant but there's nothing of significance being ...
Continue Reading... -
27 Sep 2010
It all goes back to choice
I've said it before and I've come across a quote that prompts me to say it again. Peter McWilliams once said "We are all, right now, living the life we choose."The same goes for security...and compliance...and overall business risk. The sum of your business decisions up to this point define exactly where you are right now.As Og Mandino said "Use wisely your power of choice." As I've discovered it's hard ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
