Talk is cheap: Time to rethink your data retention strategy (or lack thereof)?

Here's a fascinating story about a court case involving data retention you need to read. And pass it along to your management as well. It talks about how businesses aren't doing what they need to be doing with regard to data retention and how decisions are being made for us by the courts.



Interestingly most businesses I come across (large and small) don't have any semblance of a data retention policy in place - much less do it well. Or they have their in-house legal counsel in charge of it often resulting in nothing more than a piece of paper saying what's supposedly being done (but usually isn't) and management signing off on it under the assumption that all is well in IT-land. It's the same issue I talk about in this recent article I wrote for SearchCompliance.com:

Why it may not be ideal for your lawyer to be your compliance officer



Maybe it's time for business managers to stop hiding behind their "talk" and start doing something about this stuff before something negative comes of it...We're often presented with the opportunity to make decisions. If we choose not to, they're going to be made for us.

Read More

My new book: Implementation Strategies for Fulfilling and Maintaining IT Compliance

Check out my latest book published by Realtimepublishers.com:


In Implementation Strategies for Fulfilling and Maintaining IT Compliance I share strategic and tactical methods for getting your arms around the compliance beast. You can download all the chapters (below) for free by signing up on Realtime's site. They've got a ton over other good content too.

Here's the low down:
Businesses are struggling more and more with the compliance requirements being pushed on them from every angle. The reality is that such regulations aren't going away. However, there’s a silver lining – IT compliance doesn’t have to be that difficult and once you've mastered compliance it can serve as a business enabler and competitive differentiator.

In Implementation Strategies for Fulfilling and Maintaining IT Compliance, a practical guide on real-world issues related to IT compliance, the reader will find reasonable solutions for the professionals responsible for making things happen.

It's great for anyone faced with implementing the standards mandated by regulations such as HIPAA, HITECH Act, GLBA, SOX, and PCI DSS. CIOs, compliance officers, IT directors and network administrators can all benefit from the anecdotal stories, down-to-earth strategies and sage advice for creating gaining and maintaining control of IT compliance so that it can enable rather than hinder the business moving forward.

Chapter 1: Understanding the Real-World Issues Associated with IT Compliance
Chapter 2: The Costs of Compliance and Why It Doesn't Have to be So Expensive
Chapter 3: Simplifying and Automating to Reduce Information Systems Complexity
Chapter 4: Establishing a System of Network Visibility and Ongoing Maintenance

Enjoy!

Read More

Join me live today at Dark Reading's webinar #iwkdrbreaches

I'm speaking at the #Information Week/Dark Reading Virtual Trade Show How Security Breaches Happen and What Your Organization Can Do About It.



My session is titled How to Win the War Against Cybercrime and starts at 2:30pm ET. Here are a few words about it:

What are you doing to avoid becoming the next Wikileaks, Google, or Sony? Despite the fact that businesses will spend over 50 billion dollars worldwide on IT security projects this year, it is a virtual certainty that your organization will experience a security breach at some point.



While the complexity of cyber threats may be increasing, the good news is that the answer to combating these threats need not be complex. By implementing solutions that integrate your identity, access, and security environments, you can protect your organization's network, systems, and critical information from insiders and criminal hackers.



In this presentation, noted information security expert Kevin Beaver will discuss current and evolving cyber security threats, some common oversights he sees in his work and recommend solutions that deliver the information you need to reduce the risk of security breaches across your enterprise.



Thanks to the nice folks at NetIQ for making it happen.



Hope to "see" you there!

Read More

What direction are you heading with data protection?

Here's a new guest blog post I wrote for the folks at Credant:



Heading in the Wrong Direction with Data Protection?



You may see this differently but I think we're heading down the wrong path in this area - especially on phones and other mobile devices. I suspect we'll end up in a situation like we have recently in the U.S. where the very people putting the "stimulus" bill and Obamacare in place are suddenly clamoring to get our national debt under control. Come 2013 or so, it'll be, remember those vendors and bloggers spouting off about how important mobile security was back in 2010/2011 when our network environment was much simpler?



The inability to think long-term is so, so dangerous folks. Don't be like our politicians who can't see past the next election. Make the decision to get your arms around the mobile security beast now. Start today. Here's a link to some resources that can help.

Read More

Fine-tuning your Web application security

I think I could write about Web application security every hour of every day...there's just so much involved with building secure apps, proper security testing, getting (and keeping) management on board and so on...But I wouldn't want to torture you in that way. Anyway, here are a few bits you may be interested in:



Properly scoping your Web security assessments



The cure for many Web application security ills



How much Web security is enough?



Enjoy!



As always, be sure to check out www.principlelogic.com/resources.html for links to my additional Web security whitepapers, podcasts, webcasts, books and more.

Read More

Getting ahead in your career + keeping IT staff on board

Here are some new bits I've written about IT and information security careers. First, what you can do to stand out above the noise and move your career ahead:

How IT pros can boost their worth -- and their salaries



...and second, what management can do to keep IT and security professionals interested in their jobs and on board with the business:

How to retain your IT talent



8 best practices for retaining IT talent



Enjoy!



As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more.

Read More

What's up with conferences in October?

I've had to turn down 3 speaking engagements the weeks of October 10th & 17th because I'm, well, speaking at other shows those weeks. Maybe it's something about the weather that time of year? Perhaps discounted meeting facility rental rates? I suspect the real reason is that all the top-notch security speakers are busy then so the conference organizers are reaching out to second stringers like me.



BTW, my apologies for being silent on my blog over the past week...will be re-engaging soon. Have a great weekend!

Read More

My webcast/Q&A today on managing network threats

Join me today in TechTarget's SearchCompliance.com virtual tradeshow:

Enterprise Risk Management: Mitigation Strategies for Today's Global Enterprise



My presentation "Managing Network Security Threats with an ERM Strategy" starts around 3pm ET and I'll be doing a live Q&A just after.

Read More

Steve Jobs' ridiculous iTunes interface

I just spent 6.5 minutes cracking a family member's laptop password in order to demonstrate the dangers of not having whole disk encryption. I then went on to spend 20 minutes+ of my life trying to sync some new music to an iPod Touch with the unbelievably difficult iTunes interface.... After investing a lot of time (that I'll never get back, mind you) I still didn't get the music synced.



What's wrong with this picture!?



Apple and Mr. Jobs: Ask any IT professional what they think about iTunes and it'll echo my experience. We all dislike it in the same way. What gives?

Read More

You're the sum of your choices

Here's a 67 second video that defines the essence of where we are in life, our careers and even in information security today:



I really like what John Wooden said:
"There's a choice you have to make in everything you do. So keep in mind that in the end the choice you make makes you."

I also love what John Maxwell says:
"It's your personal choices. If they're good, it's going to help make you. If they're bad, it's going to be the unmaking of you."

Indeed, we must use wisely our power of choice...Great stuff.

Read More

Digital distractions take top priority

Be it texting while driving, browsing Facebook while in a meeting or checking emails while having lunch with a friend, it seems that there's always something better for us to be doing. It's so much easier being somewhere else rather than in the moment. That's the essence of this well-written piece on Gizmodo:
The Epidemic of Digital Distraction

You see there's a human epidemic that not many people really care to acknowledge or talk about. It's the dangerous desire for instant gratification. Those who don't have the ability to think long term create many, many problems in their own lives and many, many problems in society (think big government). I believe it also contributes to people goofing off on the job.

Don't get me wrong, the desire for instant gratification is in us all. We just have to be disciplined enough to make the right choices. If you're interested in finding ways to slow down and live in the moment, you must read The Speed Trap:



It helped solidify this concept and made me realize I need to focus on the things that count.

Read More

The difference between "No" and "How"

Here's a humorous and thought-provoking post by my friend Pete Lindstrom that you should check out:
Dr. Laura as Information Security Officer

It's so easy for people to say "No" to information security rather than "How"...similar to how many people - children and adults alike - say "I can't!" rather than "How can I?".

People are always going to take the path of least resistance...if you let them.

Read More

Indeed, many executives are insulated from reality

Here's a piece where I, Richard Stiennon, Andrew Baker and others weigh on executive management's involvement in information security:

Focus Experts’ Briefing: How CEOs Can Prepare for and Respond to Cyberattacks

Unless and until executives get on board with security - across the board - I'll continue reciting one of my favorite quotes:

“Many executives are insulated from reality and consequently don’t know what the hell is going on.” -James Champy

Read More