- A CEO's tale of disappointment
I met the CEO of a holding company on a recent flight to North Carolina. Our conversation started on the topic of my 'Art of War' column. The column, I explained, is focused on sharing Sun Tzu's insights on strategy with information security practitioners. At firts he was silent, but I could tell something was wrong.
- The effect of paradigms on our perspective of security.
“Your paradigm is so intrinsic to your mental process that you are hardly aware of its existence, until you try to communicate with someone with a different paradigm.” --Donella Meadows For some of us, security is realized through physical and network controls that address the risks to a given environment. Others view techniques aimed at education and user empowerment as critical to organizational security. Then there are those who march onto the risk landscape under the banner of effective governance and oversight.
- Business Continuity Event Planning: Building a recovery strategy
A strategy built on unachievable assumptions results in incident response and recovery plans with little or no chance of success.
- Unsure about your DNS security? Use a free, comprehensive vulnerability test
This week, I’m once again delaying the next installment in the business continuity event management series to discuss what I believe is one of the most valuable free solutions for identifying
- Business Continuity Event Planning: Analysis and Containment
When a business continuity event (BCE) is detected, the first impulse is to jump and fix it as soon as possible. In many cases, this might work fine. However, the few times the jump-and-fix approach might actually cause more damage should be enough justification to pause first to analyze the event and notify stakeholders. In this post I continue my examination of BCE response by moving from detection to preliminary analysis and containment.
- Decatur library hacked back to the 80s
If you're signing out books from the Decatur Public Library, you're gonna have to do it the old fashioned way because computers there have been hacked. Will they catch the miscreant? Maybe not, after admins destroyed evidence while trying to fix things.
- Major flaw found in .pdf reader
Core security says they've found a major bug in a .pdf browsing product and will release more information on the problem Tuesday.
- Sarah Palin hackers hit the wrong Yahoo account
If hackers hit Governor Sarah Palin's Yahoo account looking for official state business, then they broke into the wrong account.
- Blowing the Whistle - Why It Is Demanded of Security Professionals
Tyler Durden: [pointing at an emergency instruction manual on a plane] You know why they put oxygen masks on planes? Narrator: So you can breath. Tyler Durden: Oxygen gets you high. In a catastrophic emergency, you're taking giant panicked breaths. Suddenly you become euphoric, docile. You accept your fate. It's all right here. Emergency water landing - 600 miles an hour. Blank faces, calm as Hindu cows.
- Security on a ShoeString Budget
If your security department says they cannot deploy a network access control solution, tell them they are not being innovative enough and send them the attached document. They can do it. If they tell you then need a half million dollars for whole disk encryption or something to find bots, tell them they are full of you know what and send them the attached.
- C4I – The Holy Grail for Centralized Security and Risk Management
As each year grinds on, we continue to operate at high levels of operational expense since we can be nothing more than a jack of many vendors and a master of none.
- Army Adds Second Life Recruiting - Is This a New Trend?
The Army has announced that they will open a virtual recruiting center in January 2009. Two new Second Life islands will be information hubs for interested Army candidates and their families. Meanwhile, the State of Missouri has already been recruiting in Second Life for years. Is it time to cleanup your avatar to get a job?
- Obama's 21st Century New Deal Needs to Include Cyber Ethics Training
President-elect Barack Obama offered a sweeping set of proposals to upgrade infrastructures and skill sets across the nation in order to kick-start the economy. His weekly address, delivered as a YouTube video from Change.gov, included several major technology initiatives like giving more computers to schools. But we'd better not forget security and cyber ethics as we role out the new plan. Here's why...
- Cyber Monday Is Here - Again
Cyber Monday 2008 has arrived. You know, that Monday after Black Friday which comes the day after Thanksgiving. So why should Chief Security Officers (CSOs) care? Here's a primer for the rookie CSO.
- Microblogging, Useful Business Tool or Productivity Buster
You may recall a blog entry some months ago about recent studies showing the incredible waste of business productivity resulting from constant interruptions in employee work to review e-mail. Now a new contender for lost productivity champion has appeared on the horizon: microblogging. Supporters argue that employees can continuously update their progress on projects and other matters throughout the day by posting brief (micro) entries on an internal blog. Of course, like 99.9999% of other blogs on the Internet, the likelihood anyone, other than a very select few, will ever review postings is remote at best. The question then arises, couldn’t the same result be obtained by an e-mail, with a predefined project distribution list, achieve the same result, without the investment in implementing yet another technology solution that will likely find little use? Also, what is the likelihood these blogs will be perused by other employees having no real business purpose in doing so – presenting yet another opportunity for lost productivity. The blog could certainly be configured to permit only relevant employees to review its contents, but that argues in favor of simply using an e-mail to update progress on a project rather than implementing an entirely new technology.
- Trojan Horse Contracts?
Vendor contracts are increasingly including provisions that could lead to breaches of security. At first glance, these types of provisions may appear innocuous, but they create the circumstances under which compromises of security may occur. A few examples:
- Basic Elements of Document Retention Policies
Following up on my last posting, this week I talk about the basic elements of a document retention policy. While a review of the broad range of applicable laws cannot be addressed here, there are certain general guidelines for the establishment and implementation of a retention program that should be considered in developing a policy:
- Microsoft hires Dick Hardt
The "big" piece of news as of late in the world of identity has nothing to do with deployments, protocol battles, or product launches.
- Send me your identity ideas for DIDW09
Believe it or not, I'm digging in for Digital ID World 2009 (september in Vegas, baby!). And I need your help.
- Identity Fun on a Friday
Admittedly, enterprise architects and CSOs aren't closely following the "ins and outs" of Facebook Connect, OpenID, etc.
- DLP Revisited
This November, CSO held it's Executive Seminar on Data Loss Prevention in New York City. Here is a recap of the event.
- The best-laid plans of mice and men sometimes go for naught
You can invest years in protecting the integrity and resiliency of your business...and then along comes something out of left field and you're ruined...just ask Indymac Bank.
- Snapshot of the Gartner IT Security Summit
This week's Gartner IT Security Summit saw some new things...but how much Gartner can anyone take in three days?
- Recent Moves: UMass Memorial Hospital Names Aske CISO
New position for former CSO of state Health and Human Services
- Bank of the West Names Ford CSO
FBI veteran Joseph Ford to lead integrated security operations
- Dassault Systemes names Swiatek CISO
Dassault Systemes has named Dr. Wojtek Swiatek Chief Information Security Officer.
- Olympics - Forensic Files?
Is nothing safe from forensics? It seems everything can be found out!
- This Could Happen To You
I'm just glad this wasn't me
- Email Scams - Will It Ever End?
How Dumb Do You Really Think We Are?














