I had the privilege and pleasure of having lunch with security maven - and policy king - Charles Cresson Wood last week while he was in town speaking at a show. Here's a good read I just came across on some more of his thoughts regarding what many think of as a drab subject that doesn't really matter in the grand scheme of things. It'll get you thinking... Maybe time for ...
Here's something for you to ponder when it comes to thinking about the world economy, your career, your job: "When written in Chinese, the word 'crisis' is composed of two characters - one represents danger and the other represents opportunity." - John F. Kennedy...
The South Carolina chapter of ISACA brought me in for a seminar yesterday that was chock full of fun. My main contact with the chapter, Sue Rusher, was a real gem to work with. She and her team made me feel right at home and they hosted the event at a great facility. I'm seeing more and more businesses and organizations like ISACA do seminars like this. The content comes to ...
OK, I covered Acunetix Web Vulnerability Scanner in a previous post and now it's time to share a bit about another Web vulnerability scanner called N-Stalker Web Application Security Scanner 2009. I've used N-Stalker for a while, dating back to when it was a free product nearly 10 years ago. Compared to the competition, I must admit that I haven't been really impressed with the tool until now. Thiago ...
I've got some new information security content you may be interested in. First off, here's an article I wrote for SearchWinIT.com:
Will a degree or certification help enhance your IT career?
...and one I wrote for SearchEnterpriseDesktop.com:
Why should Windows shops use Microsoft Baseline Security Analyzer?
...and finally a webcast I just recorded for SearchSoftwareQuality.com:
Essential Elements of Web Application Penetration Testing
As always, check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts ...
Imagine if someone at work ticked you off and you had the ability to enact a new IT/security policy that only affected that person. Something like no more Internet access or pay-per-use fees for laptops or, say, complete oversight and scrutiny of the person's every action when they're using the computer. Sounds absurd, doesn't it... Well, it is and so is this ridiculous new law our House passed yesterday that will tax ...
Well, Microsoft's Roger Halbheer thinks so - at least related to the Conficker worm as discussed here. By and large I agree. Everything in business and everything in life depends on us making choices. We choose the behavior - in this case not applying a highly-critical patch - we choose the consequences... especially if it's an oversight because someone in IT was goofing off. With all the talk about the importance of patching ...
Relating to how people are set in their ways: Security problems change... people don't. Therein lies the problem. --Yours truly...
I recently started writing for SearchEnterpriseLinux.com... My first bit was on a topic that no one seems to want to talk about: Linux security. Entitled Five common Linux security vulnerabilities you may be overlooking, the article currently has the lowest rating I've received on any article I've ever written for TechTarget dating back to 2002... Woohoo! You definitely can't win them all. Sure, the article's light - it was intended to be an ...
I have some new information security content that you may be interested in. First, here's an article I wrote for SearchSQLServer.com:
The fine line between not encrypting your databases and breach notification
...and two articles I wrote for SearchSoftwareQuality.com:
Using the Firefox Web Developer extension to find security flaws
Cloud computing and application security: Issues and risks
Enjoy! Also, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and ...