close
The Wayback Machine - https://web.archive.org/web/20081218213700/http://blogs.csoonline.com:80/
  • A CEO's tale of disappointment

    I met the CEO of a holding company on a recent flight to North Carolina. Our conversation started on the topic of my 'Art of War' column. The column, I explained, is focused on sharing Sun Tzu's insights on strategy with information security practitioners. At firts he was silent, but I could tell something was wrong.

  • The effect of paradigms on our perspective of security.

    “Your paradigm is so intrinsic to your mental process that you are hardly aware of its existence, until you try to communicate with someone with a different paradigm.” --Donella Meadows For some of us, security is realized through physical and network controls that address the risks to a given environment. Others view techniques aimed at education and user empowerment as critical to organizational security. Then there are those who march onto the risk landscape under the banner of effective governance and oversight.

» read more

» read more

  • Decatur library hacked back to the 80s

    If you're signing out books from the Decatur Public Library, you're gonna have to do it the old fashioned way because computers there have been hacked. Will they catch the miscreant? Maybe not, after admins destroyed evidence while trying to fix things.

  • Major flaw found in .pdf reader

    Core security says they've found a major bug in a .pdf browsing product and will release more information on the problem Tuesday.

  • Sarah Palin hackers hit the wrong Yahoo account

    If hackers hit Governor Sarah Palin's Yahoo account looking for official state business, then they broke into the wrong account.

» read more

  • Blowing the Whistle - Why It Is Demanded of Security Professionals

    Tyler Durden: [pointing at an emergency instruction manual on a plane] You know why they put oxygen masks on planes? Narrator: So you can breath. Tyler Durden: Oxygen gets you high. In a catastrophic emergency, you're taking giant panicked breaths. Suddenly you become euphoric, docile. You accept your fate. It's all right here. Emergency water landing - 600 miles an hour. Blank faces, calm as Hindu cows.

  • Security on a ShoeString Budget

    If your security department says they cannot deploy a network access control solution, tell them they are not being innovative enough and send them the attached document. They can do it. If they tell you then need a half million dollars for whole disk encryption or something to find bots, tell them they are full of you know what and send them the attached.

  • C4I – The Holy Grail for Centralized Security and Risk Management

    As each year grinds on, we continue to operate at high levels of operational expense since we can be nothing more than a jack of many vendors and a master of none.

» read more

  • Army Adds Second Life Recruiting - Is This a New Trend?

    The Army has announced that they will open a virtual recruiting center in January 2009. Two new Second Life islands will be information hubs for interested Army candidates and their families. Meanwhile, the State of Missouri has already been recruiting in Second Life for years. Is it time to cleanup your avatar to get a job?

  • Obama's 21st Century New Deal Needs to Include Cyber Ethics Training

    President-elect Barack Obama offered a sweeping set of proposals to upgrade infrastructures and skill sets across the nation in order to kick-start the economy. His weekly address, delivered as a YouTube video from Change.gov, included several major technology initiatives like giving more computers to schools. But we'd better not forget security and cyber ethics as we role out the new plan. Here's why...

  • Cyber Monday Is Here - Again

    Cyber Monday 2008 has arrived. You know, that Monday after Black Friday which comes the day after Thanksgiving. So why should Chief Security Officers (CSOs) care? Here's a primer for the rookie CSO.

» read more

  • Microblogging, Useful Business Tool or Productivity Buster

    You may recall a blog entry some months ago about recent studies showing the incredible waste of business productivity resulting from constant interruptions in employee work to review e-mail. Now a new contender for lost productivity champion has appeared on the horizon: microblogging. Supporters argue that employees can continuously update their progress on projects and other matters throughout the day by posting brief (micro) entries on an internal blog. Of course, like 99.9999% of other blogs on the Internet, the likelihood anyone, other than a very select few, will ever review postings is remote at best. The question then arises, couldn’t the same result be obtained by an e-mail, with a predefined project distribution list, achieve the same result, without the investment in implementing yet another technology solution that will likely find little use? Also, what is the likelihood these blogs will be perused by other employees having no real business purpose in doing so – presenting yet another opportunity for lost productivity. The blog could certainly be configured to permit only relevant employees to review its contents, but that argues in favor of simply using an e-mail to update progress on a project rather than implementing an entirely new technology.

  • Trojan Horse Contracts?

    Vendor contracts are increasingly including provisions that could lead to breaches of security. At first glance, these types of provisions may appear innocuous, but they create the circumstances under which compromises of security may occur. A few examples:

  • Basic Elements of Document Retention Policies

    Following up on my last posting, this week I talk about the basic elements of a document retention policy. While a review of the broad range of applicable laws cannot be addressed here, there are certain general guidelines for the establishment and implementation of a retention program that should be considered in developing a policy:

» read more

  • Microsoft hires Dick Hardt

    The "big" piece of news as of late in the world of identity has nothing to do with deployments, protocol battles, or product launches.

  • Send me your identity ideas for DIDW09

    Believe it or not, I'm digging in for Digital ID World 2009 (september in Vegas, baby!). And I need your help.

  • Identity Fun on a Friday

    Admittedly, enterprise architects and CSOs aren't closely following the "ins and outs" of Facebook Connect, OpenID, etc.

» read more

» read more

» read more

» read more

Sponsored Links

Manage your IT more effectively

Efficient - Flexible - Compliant

Learn how the new Quad-Core AMD Opteron™ processor improves performance

The Mainframe Conundrum: Escalating Workloads, Shrinking Staff

Mainframe Tape Encryption Key Management

Employing Best Practices for Tape Encryption

The Evolution of Application Security - Reducing Risk in Your Organization

Envision Identity-Based Access Control for the Datacenter

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Digital Identity Protection and Data Security Get Personal

Welcome to the age of Service-Oriented Security (SOS)

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Efficient - Flexible - Compliant

Optimizing Mainframe Success by Simplifying Mainframe Ownership

Expanding Roles of Data Management Professionals: A Survey from Industry Peers

Safeguarding the New Currency of Business

IS/IT Project Mgt. Credentials From Villanova - 100% Online

Key strategies for C-level executives and security staff

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

IDC Defines an Identity and Access Management Submarket

Using Likewise to Comply with PCI Data Security Standard