-
08 Sep 2010Security’s not just an executive decision
I recently came across this quote by Peter Drucker that struck a chord:"Most discussions of decision making assume that only senior executives make decisions or that only senior executives' decisions matter. This is a dangerous mistake."It reminds of how certain executives decide that information security is something that doesn't affect their business regardless of what others are telling them. I'm sure many of these executives' subordinates are ready and willing ...
Continue Reading... -
08 Sep 2010
What’s Better for Your Information Security Career – Certifications, a Degree, or Good Old-Fashioned Experience?
Here's a piece I wrote on information security careers and what's best for getting ahead:What’s Better for Your Information Security Career – Certifications, a Degree, or Good Old-Fashioned Experience?If you want to learn more on the go, I also have a Security On Wheels audio program on this topic that picks up where my article leaves off:Certifications, Degrees, or Experience - What's Best for Your Security Career?...
Continue Reading... -
08 Sep 2010
Good rule of thumb for information security
Thomas Jefferson once said:"Learn to see in another's calamity the ills that you should avoid." If you want to manage information risks and keep your business out of hot water I can't think of a better principle to work by....
Continue Reading... -
07 Sep 2010
The key to accurate and insightful Web security scans
You've likely found that Web vulnerability scanners aren't just point-and-click. Maybe so for relatively simplistic marketing websites but not for complex applications. In fact, one of the greatest ways to get a grand false sense of security is to turn a Web vulnerability scanner loose on your site/application and assume everything of consequence has been discovered and audited.The thing is we're now seeing an entirely new set of Web applications ...
Continue Reading... -
06 Sep 2010
Securing and hacking Windows go hand in hand
Computer hacking concepts extend to every nook and cranny of what we work with on a daily basis. Front and center are Windows-based servers. A large part of what I do in my work performing internal security vulnerability assessments - a.k.a. pen tests and audits - involves Windows servers. There's so much you can do to build up Windows server security and so much you can take to bring it ...
Continue Reading... -
02 Sep 2010
Crunch risk numbers or fix the obvious?
My colleague Ben Rothke (@benrothke) recently wrote a good piece on basing information security decisions on good data. I like his approach - it'll make you think. It's true we do need good data so we can make better decisions. Sadly, we often don't have the data or, if we do, we're not qualified to interpret it.Maybe it's just me but I don't believe my degrees in computer engineering and ...
Continue Reading... -
02 Sep 2010
The case for zero-day testing
Here's a good piece by David Maynor regarding penetration testing and whether or not zero day exploits should be used. I agree with David. With penetration testing, ethical hacking, vulnerability assessments - whatever you want to call them - anything should be fair game. That is if you want a real-world view of what's at risk. Limiting your tests could skew the results and you'll end up with a false ...
Continue Reading... -
31 Aug 2010
NetScan Tools LE – a must-have for investigators
Have you ever had a need to run a program and get a relatively small amount of data just to do your job but end up getting caught in the complexity of the application and not getting what you need after all? That's happened to me a bunch.Well, NorthWest Performance Software (makers of a long-time favorite of mine: NetScanTools Pro) has a new tool that helps resolves this problem called ...
Continue Reading... -
30 Aug 2010
“New” Web security content to check out
Here are several new links to some recent (and, due to my crazy year, not so recent) articles I've written for various TechTarget sites on the subjects of Web application and server security:Web server weaknesses you don't want to overlook (the "rest of the story" of Web flaws)SQL injection tools for automated testing (a must-have for your toolkit)Beefing up SSL to ensure your applications are locked down (good for some ...
Continue Reading... -
27 Aug 2010
HIPAA & HITECH: new requirements + same approaches = new book
My colleague and co-author Becky Herold and I are working on the second edition of our HIPAA book and I'm realizing, wow, not much has changed in the way of managing information risks since we first wrote it in 2003. Yet, the protected health information breaches keep on occurring (look at the two latest ones from this week).Stay tuned though...we've got lots of good updates and new info forthcoming on ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including one of the best-sellers of all time:
