Now vendors and developers have a way to ward off those dreaded virtual machine vulnerabilities plaguing every network. It's VMware's VMsafe API to the rescue. Finally a virtual machine security solution! Now if we can just find a way to get people to:
- Require strong passwords on their virtual machines
- Patch their virtual machines
- Disable unnecessary and unsecured network shares on their virtual machines
- Turn off unneeded services on their virtual machines
- Encrypt the drives ...
Not sure why yet but figured I'd check it out and hopefully provide some value while gaining some exposure. http://twitter.com/kevinbeaver...
I read the first paragraph in this piece regarding Obama's mandate that we move to electronic medical records (a big step in nationalizing healthcare in this country). It says "The aim is to improve medical care, increase the efficiency of health care delivery and ultimately cut health care costs." When I co-wrote our book on HIPAA compliance back in 2003, improving medical care, increasing the efficiency of health care delivery ...
I attended a local networking event here in town last week where a representative from AlienVault presented their open source security incident/event management tool called OSSIM. I had to endure a painful sales pitch (that wasn't supposed to be a sales pitch, mind you) and a simple-minded "use this product for all your needs" approach to information security...but the tool actually looks promising. It's a "free" way to pull together ...
Is this some insight into where the world is headed with regard to information privacy and security?
UK launches massive, one-year program to archive every email
I'll be curious to see how such control and monitoring affects international business long term in the U.K. and across Europe. Some organizations outside Big Brother-ville may not want to take this on. But then again, many in management have their heads buried only thinking short-term ...
Since our Imperial Federal Government wants more of its "fair share" of taxes from me for 2008, I'm focusing on minimizing my overhead this year. This means no traveling out to RSA for this week's show. I was originally going to go - especially since I can get in for free on a press/blogger pass. But once I started adding up the other costs (plane, hotel, transportation, meals, and other fees/taxes/etc. ...
There's a Japanese proverb that says "Vision without action is a daydream. Action without vision is a nightmare." You may have also heard that if you don't have goals for yourself you're doomed forever to achieve the goals of someone else. Well, I've got a challenge for you. Take 1 hour this weekend and dedicate it to working on your goals. Whether you need to start from scratch or just want ...
Since I'm on the subject of talking about security scanners, here's a link to an article I wrote a couple of years ago that's still very relevant. Check it out:
What to look for in a Web application security testing tool
Some of what I say in this piece supports my stance in the previous blog that you cannot automate this stuff and assume you've done your due diligence....
I've been approached a couple of times in the past few weeks regarding the "scanner" and "vulnerability management" vendors that are touting their all-in-one approach to security vulnerability assessments and compliance scans. The interest has been around PCI DSS and specifically Rapid7's solutions (apparently their marketing folks are doing a good job). There are other vendors coming into the space as well including a big one being announced at RSA ...
OK, here's my latest information security content. For starters, here are two articles I wrote for SearchSoftwareQuality.com:
- Common software security risks and oversights
- The role of quality assurance pros in software security
...as well as a follow-up to a previous SearchEnterpriseLinux.com article:
- A look at real-world exploits of Linux security vulnerabilities
I've said it before and I'll say it again, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, ...