-
25 Aug 2010500 million and counting…
I just received a press release from Beth Givens at the Privacy Rights Clearinghouse stating "500 Million Sensitive Records Breached Since 2005". 500 million+ known records that have been compromised in 5.5 years in the U.S. alone due to people in organizations large and small making poor choices about information security and privacy! Simply amazing.If you haven't seen the Chronology of Data Breaches, check it out. It's fascinating. The problem ...
Continue Reading... -
24 Aug 2010
Selling security: To persuade to is succeed
Okay, so your managers aren't getting security and your users aren't on board either. Security's not looking too good but you know it needs to happen. Just how can you "sell" security to those who matter most? Here's a collection of articles and blog posts I've written that address this very subject:How to get - and keep - user support with securityHow to get management on board with Web 2.0 ...
Continue Reading... -
24 Aug 2010
Relentless incrementalism
I don't know who coined the term "relentless incrementalism" but it's very fitting when it comes to information security. In the context of what we do, relentless incrementalism means doing small things over time that add up to big outcomes in the long term.All of us - management included - have to understand that security is not a one-time deal. Nor is it a product or a "compliant" status. It's ...
Continue Reading... -
23 Aug 2010
Panic is not a strategy
Seriously...it's not.In this new piece I wrote for Security & Technology Design magazine, I talk about the lack of incident response planning being one of if not the biggest risk in any given organization...and what you can do about it:Incident response: The biggest security gaffe of all?If anything, never forget what Captain Chesley Sullenberger said after he landed U.S. Airways flight 1549 into the Hudson River last year:"I didn't have ...
Continue Reading... -
23 Aug 2010
Common sense counts the most
A great quote I heard over the weekend has a direct tie-in to what we focus (or don't focus) our efforts on in information security. NASCAR champion Ned Jarrett said:"There's nothing stronger when you're trying to get something done than common sense."I couldn't agree more.In the realm of IT and managing information risks, I'll take common sense over book smarts any day....
Continue Reading... -
19 Aug 2010
Have you told someone “no” lately? It’s good for you.
Jack Canfield had a great quote that relates well to information security (and the lack of time to manage it) as well as our overall careers. He said:"Success depends on getting good at saying no without feeling guilty. You cannot get ahead with your own goals if you are always saying yes to someone else's projects. You can only get ahead with your desired lifestyle if you are focused on ...
Continue Reading... -
19 Aug 2010
How dare we question our rulers!?
I've kept my mouth shut about this long enough. Why aren't more Americans standing up against this mosque at ground zero nonsense!? The mosque is clearly nothing more than a symbolic mark of victory on our soil by the very group that's trying so hard to bring our society down. And our own government is facilitating this.Where is our country headed when one of our "rulers" says that any opposition ...
Continue Reading... -
12 Aug 2010
Apple’s iPad – a forensic investigation in the making?
Here's a new piece I wrote for SearchCompliance.com on regarding the realities and risks of iPads in the enterprise.Enterprise iPads: Compliance risk or productivity tool?Simply put, they're not all that different that other mobile computing devices but they do bring something unique to the table...Speaking of "i" devices in the enterprise, here's a great read I saw recently in Information Week that outlines a scenario that's at the root of ...
Continue Reading... -
12 Aug 2010
Metasploit enters the Web arena
OK, Metasploit has had several Web-related exploits for years but HD and company are now getting serious about taking Web application scanning and exploitation to the next level.As with Metasploit and Metasploit Express, there's only so much you can do with scanner and exploit tools so the verdict is still out. I love this innovation nonetheless....
Continue Reading... -
11 Aug 2010
Is car hacking the next big thing?
For years I've been telling close friends who share my motorsports passion that we're going to start seeing cars getting hacked. I believe this to be especially true once cars are online and communicating with the "smart highway" system we're slowly approaching.Well, we're now starting to see the beginning of such hacks. Some research was uncovered earlier this year on how a car's ECU (electronic control unit) can be manipulated ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including:
