My latest security content (finally!)

I can't believe it's been this long! I've been so busy writing and haven't made the time to post my links. No excuses. Anyway, here's my latest information security content - some good stuff on politics and careers that can help you get off to a nice start in 2010.

Networking with the bigwigs to gain support for IT

Dos and don'ts when serving on an IT committee

Five things you need to know about politics in IT

Much, much more to come...Enjoy!

In the meantime, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, Twitter updates, and more.

Read More

"Top Blogs" list & some home security considerations

I think I may have found the first sign that my blog is growing and gaining some traction. I've made it to the Top 20 Home Security Bloggers list. Many thanks to Adrienne Carlson for this. There are some other interesting blogs on her list so check it out.

Speaking of home security here's something to consider while home with your family over the holidays. Many believe we have a "right" to self defense and that the police will be there when we need them. In fact, when seconds count the police are only minutes away. I think deep down most people know this.

Our courts have ruled we have no right to police protection and time and again 911 centers around the country prove that we are, by and large, on our own when seconds count - like what happened in this recent incident in Atlanta.

Don't get me wrong. I'm 100% behind law enforcement officers - I've worked in the field and have friends and family in it as well. But like teachers in government schools, it's not the individuals, it's the system. Our government at work. Make your own decisions and stay safe!

Read More

How Tiger Woods' marriage is like risk management

In the seemingly unavoidable media drone tirades hammering Tiger Woods and his marital situation I realized the tie-ins that such high-profile marriages have with what we do in the information security field. It boils down to two things:

1. It's all about the money
2. The focus going in is on who can get the most out of it - "what's in it for me?"

We see this all the time when it comes to information security - executives, legal counsel, and CFOs flexing their muscles pushing back on security initiatives until they're gone for good. I worked on a project where this very thing happened and it ultimately led to tens of thousands of computers being "0wned" by the bad guys. Funny how some people assume that heads buried in sand is a good risk mitigation strategy.

Sadly so many people go into marriage this way. It's all about the contracts, the lawyers, and the selfishness. Meanwhile the very essence of marriage is ignored. Obviously not a viable long-term strategy for marriage or information security...but people will continue on in their same old ways and thus the cycle will continue on.

Read More

Another file/folder security option

One of the biggest vulnerabilities I come across in my security assessments is sensitive information scattered about unprotected drives/shares. Solutions to this dilemma include locating/classifying different information types, locking down shares and file permissions, and encrypting information on mobile devices. If the latter option interests you there's a new company I stumbled across called New Softwares.net that sells very reasonably-priced software that can help. I haven't tried it out yet but it's worth a look-see.

Read More

Funny thing about notices of privacy practices

I just received a "notice of insurance information practices" from my health insurance provider that says something to the effect of:
"ALL INFORMATION CONFIDENTIAL. We're required by law to keep your information confidential. It will be seen only by our employees and authorized business associates."

Really? Pretty gutsy statement from any business but especially one who's already been listed on the Chronology of Data Breaches.

Read More