  • 28 Aug 2008

    Crazy things people do to get a Wi-Fi connection

    Here's a funny bit about things people have done to get wireless Internet access. Some of these are pretty stupid when you consider the consequences of connecting to a rogue AP where someone's watching your every move on the other end (i.e. web sites browsed, passwords entered, emails sent, etc.). Not to mention exploiting your system for remote access. Reminds me of how much I love my air card.......

  • 27 Aug 2008

    Do developers really think of security this way?

    I was just perusing the latest Programmer's Paradise catalog. The catalog is chock full of developer tools - everything you need for application lifecycle management. Well, almost. Their Security section of products made me laugh. I was expecting to see products like DevInspect, Ounce 6, and Fortify 360. But no, what's in there is what all too many developers still see as "security": Reflex Security's VSA Firewall, GFI EndPointSecurity, PGP ...

  • 27 Aug 2008

    A chronology of HIPAA convictions

    Does HIPAA affect your organization? It probably does, somehow, some way, at least indirectly. If not, we're all affected personally. Well, my friend and brilliant colleague, Becky Herold, has kept up with HIPAA-related convictions over the past few years. I'm surprised that only seven convictions have taken place. There's no doubt that more violations have occurred... Interestingly, there's only been one sanction given for noncompliance. Only one healthcare organization out of ...

  • 27 Aug 2008

    Gotta love the overused “computer glitch” excuse

    Here we go again with a "computer glitch" causing a big problem - this time with the FAA's flight plan tracking system. Last time I checked, computers are told what to do... I studied computers at the bit level for way too many years in college to know that PEOPLE cause computer problems. It's easier to blame computers though. They don't argue back. Yet....

  • 26 Aug 2008

    Finally…someone gets their Web security policy right!

    When most companies claim Web "security" they tout SSL like I mentioned here. I've had trouble figuring out why the buck stops there... maybe because they're being written by people in marketing?? Anyway, LinkedIn finally got it right. The security stipulation in their privacy policy goes beyond SSL: In order to secure your personal information, access to your data on LinkedIn is password-protected, and sensitive data (such as credit card information) is protected ...

  • 26 Aug 2008

    Great quotes related to information security management

    ...or mismanagement if you will: The first quote relates to management's responsibility and using wisely their power of choice when it comes to doing poorly on a security assessment, failing an audit, experiencing a security breach, and falling out of compliance: "Failure to hit the bullseye is never the fault of the target." - Gilbert Arland. The second one relates to management not supporting information initiatives year after year and then, once a ...

  • 25 Aug 2008

    My security content from last week – chock full of good stuff

    OK - I finally got the links to my latest material. Here are some articles about getting management on board with security (one of the hardest things we face), controlling unstructured information, Web apps, storage, and more that you may be interested in checking out: Making the Business Case for Information Security; Document Security - Protecting sensitive information both inside and outside of the firewall; 7 Essentials for Selecting ...

  • 21 Aug 2008

    A wireless security assessment tool you can’t overlook

    Many people tout how great open source and freeware wireless tools are for finding and exploiting wireless network vulnerabilities - myself included. However, if you're performing a wireless assessment, you don't want to overlook the value the commercial tools have to offer. The commercial tool I've been using for a while - since before I co-authored Hacking Wireless Networks For Dummies - is AirMagnet's WiFi Analyzer (formerly their "Laptop" product). It's ...

  • 21 Aug 2008

    Questions posed to me about information security careers

    Here's another security career question from someone who is about to graduate with an IT bachelor's degree and is planning to work in the information security field: "...What is the best certificates you can recommend on information security to go through these days? How about going through Cisco Networking certificates such as CCIE. Is it better than CISSP? Actually I'm confused about either Cisco or CISSP. Should I be employed first ...

  • 21 Aug 2008

    Questions posed to me about information security careers

    This is something I'm going to start doing more of on my blog... That is, posting questions regarding security careers that people email to me along with my responses back to them. I think this is something that many of you might benefit from. Here's a recent one from a software engineer with three years' experience: "...I work creating Web sites. I want to be an expert in information security for Web-based systems. ...
