-
31 Aug 2010NetScan Tools LE – a must-have for investigators
Have you ever had a need to run a program and get a relatively small amount of data just to do your job but end up getting caught in the complexity of the application and not getting what you need after all? That's happened to me a bunch.Well, NorthWest Performance Software (makers of a long-time favorite of mine: NetScanTools Pro) has a new tool that helps resolves this problem called ...
Continue Reading... -
30 Aug 2010
“New” Web security content to check out
Here are several new links to some recent (and, due to my crazy year, not so recent) articles I've written for various TechTarget sites on the subjects of Web application and server security:Web server weaknesses you don't want to overlook (the "rest of the story" of Web flaws)SQL injection tools for automated testing (a must-have for your toolkit)Beefing up SSL to ensure your applications are locked down (good for some ...
Continue Reading... -
27 Aug 2010
HIPAA & HITECH: new requirements + same approaches = new book
My colleague and co-author Becky Herold and I are working on the second edition of our HIPAA book and I'm realizing, wow, not much has changed in the way of managing information risks since we first wrote it in 2003. Yet, the protected health information breaches keep on occurring (look at the two latest ones from this week).Stay tuned though...we've got lots of good updates and new info forthcoming on ...
Continue Reading... -
27 Aug 2010
Work harder on yourself than you do on your job
Many people want to take the easy path that promises to lead them to their riches rather than work hard over the long term and earn it the good old-fashioned way. It's the lottery mentality. James Allen said it best:"Men are anxious to improve their circumstances, but are unwilling to improve themselves; they therefore remain bound." Want to get begin improving your circumstances in your life and in your IT/security ...
Continue Reading... -
26 Aug 2010
Good new book on security awareness
I have to admit, when my colleague Marcos Christodonte first approached me about reviewing his new security awareness book, Cyber Within, I thought here's yet another book on boring old security awareness. I was wrong. Cyber Within takes a very unique (suspense novel-like) approach to address the problem we have with employees and information security. And it works.The book is a quick read - just 47 pages - but it's ...
Continue Reading... -
26 Aug 2010
Acunetix WVS v7 – grand improvements in the making
When I find a good security tool I not only love using it but I love telling everyone about it. Having gone down this road many times myself, I understand the time, money, and hassle associated with investing in security tools that aren't all that. Well, here's one for you: Acunetix Web Vulnerability Scanner (AWVS) version 7 (it's currently in beta and free for you to try).The folks at at ...
Continue Reading... -
25 Aug 2010
500 million and counting…
I just received a press release from Beth Givens at the Privacy Rights Clearinghouse stating "500 Million Sensitive Records Breached Since 2005". 500 million+ known records that have been compromised in 5.5 years in the U.S. alone due to people in organizations large and small making poor choices about information security and privacy! Simply amazing.If you haven't seen the Chronology of Data Breaches, check it out. It's fascinating. The problem ...
Continue Reading... -
24 Aug 2010
Selling security: To persuade to is succeed
Okay, so your managers aren't getting security and your users aren't on board either. Security's not looking too good but you know it needs to happen. Just how can you "sell" security to those who matter most? Here's a collection of articles and blog posts I've written that address this very subject:How to get - and keep - user support with securityHow to get management on board with Web 2.0 ...
Continue Reading... -
24 Aug 2010
Relentless incrementalism
I don't know who coined the term "relentless incrementalism" but it's very fitting when it comes to information security. In the context of what we do, relentless incrementalism means doing small things over time that add up to big outcomes in the long term.All of us - management included - have to understand that security is not a one-time deal. Nor is it a product or a "compliant" status. It's ...
Continue Reading... -
23 Aug 2010
Panic is not a strategy
Seriously...it's not.In this new piece I wrote for Security & Technology Design magazine, I talk about the lack of incident response planning being one of if not the biggest risk in any given organization...and what you can do about it:Incident response: The biggest security gaffe of all?If anything, never forget what Captain Chesley Sullenberger said after he landed U.S. Airways flight 1549 into the Hudson River last year:"I didn't have ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
