I just came across this quote which really stood out as a concise analogy of information security policies in most organizations:
"The United States is a nation of laws: badly written and randomly enforced." - Frank Zappa
And people wonder why they still have security problems......
I was thinking about all the hype surrounding PCI DSS requirement 6.6 compliance. The deadline is just three weeks away. I do a lot of compliance-related work and have seen the interpretation of 'compliance' all over the map. Why is PCI DSS any different? Well, for the most part, it's not like other regulations such as HIPAA and GLBA where many in management give it lip service but don’t really do ...
Here's an information security article of mine that was published this week:
How insiders hack SQL databases with free tools and a little luck
As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy!...
Here's a prime example of just how encryption/change management/policies/whatever else mean nothing when someone makes a bad decision related to information security. Why was this sensitive information unencrypted when it was moved to a new system? Hint Mr. Contractor: all it takes to easily re-encrypt sensitive data is something as basic as WinZip. If you have to decrypt it to use it...then just re-encrypt when you're done. If you're ever caught ...
I was just thinking about all the passwords our Web browser(s) want to save for us for the sake of convenience. It's a great feature that I know I couldn't live without. I know many other people do it too. If you're one of them, be very, very careful leaving your computer screen unlocked when you leave your desk - especially for lunch, for a meeting, or for the day. What ...
Two weeks from this Friday - on June 20th, 2008 - I'll be giving the keynote presentation for the Georgia Society of CPA's Tech Conference... Here's the press release:
Principle Logic’s Kevin Beaver to Keynote GA Society of CPA's Tech Conference
Kevin Beaver, independent information security expert with Atlanta-based Principle Logic, LLC, will be keynoting the Georgia Society of CPA’s 2008 Technology Conference. Kevin will apply his practical and no-nonsense approach to security ...
Here's an interesting request by privacy and consumer groups to strong-arm Google into posting its privacy policy on its home page. Apparently it's the law in California, but as we see day in and day out (especially in the state of California!) the rule of law doesn't really mean that much. It's majority - I mean mob - rule now in what used to be our Constitutional Republic. I don't ...
Here are a couple of mailing lists worth checking out if you're looking for a new job in information security:
http://jobcenter.ittoolbox.com (under 'Sign up for Job Alerts' - you may have to log in)
http://www.securityfocus.com/archive (select Security Jobs and enter your email address)
You may get a lot of notifications, but if you're in the market, that's not a bad thing! I've seen some jobs posted that actually look pretty good....
Here's an information security article of mine that was published this week:
Free tools that can improve IIS security
As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy!...
I received an email yesterday from Redmond Magazine (a good trade rag) that caught my attention. The title of the email said "Trust in Web Site Security is Declining. What Should You Do?" I thought, really!?...are you serious? and well, I don't know what to do, let me see just what the solution is. [tongue in cheek] Lo and behold it was an email sponsored by Verisign about their whitepaper entitled ...