Tech Support For Dummies

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 28 May 2012

Thank a veteran

Posted on 03:46 by Unknown
Saw this, unsure who wrote it, but I really like it:
  • It is the veteran, not the preacher, who has given you freedom of religion.
  • It is the veteran, not the reporter, who has given you freedom of the press.
  • It is the veteran, not the poet, who has given you freedom of speech.
  • It is the veteran, not the protester, who has given you freedom to assemble.
  • It is the veteran, not the lawyer, who has given you the right to a fair trial.
  • It is the veteran, not the politician, who has given you the right to vote.
  • It is the veteran, who salutes the Flag, who serves under the Flag, whose coffin is draped by the Flag.
Let us not forget why we have what we have. Happy Memorial Day.

Read More
Posted in great quotes, message from Kevin | No comments

Monday, 21 May 2012

Real-life example of people not seeing the big picture

Posted on 05:54 by Unknown
The inability to think long-term, to see the bigger picture consequences of our choices, is no doubt at the root of most information security problems. Here's an example of what I'm talking about...what's wrong with this car?




No, this isn't a race car with Hoosier racing slicks...it's a street car owned by someone working or shopping at a Wal-Mart who has chosen to drive with improper equipment. Like many people who choose to ignore information security problems, this poor sap won't know what hit him the next time he crosses standing water during a downpour.

We must think before we act or we're doomed to endure the consequences of our choices.
Read More
Posted in careers, goal setting, humor, personal responsibility, scary stuff, security leadership, stupid security, thinking long term | No comments

Friday, 18 May 2012

New video: My take on #BYOD - It's something you can't ignore

Posted on 14:55 by Unknown

Read More
Posted in | No comments

Tuesday, 15 May 2012

IT's malignant narcissism and what you can do to rise above the noise

Posted on 07:23 by Unknown
IT department optimism does not translate into IT department budget. That's what Jonathan Feldman wrote about in this Information Week piece. Their study provides lots of interesting insight into how many working in IT see things compared to, well, the rest of the business. I'm not surprised.

While we're on the subject, I've recorded a video on IT's role in fixing this problem and wrote a new piece for TechTarget's SearchWinIT.com site on why understanding management gets your IT department what it needs.

If you're going to move ahead - heck, even just survive - in IT, it's critical to understand how the desire for gain or fear of loss are at the basis of every "sale" you make. Stop thinking of yourself as an IT person and, instead, as a business professional who's helping the business move forward and accomplish its goals by leveraging IT.
Read More
Posted in careers, communication, scary stuff, security leadership, selling security, thinking long term | No comments

Friday, 11 May 2012

Web application security assessment war stories

Posted on 03:43 by Unknown
I spend a lot of time performing Web security assessments and every project is a neat learning experience for me. I'm always eager to share my Web security war stories, what to do and what NOT to do so here are some new pieces you may be interested in...From exploiting Web vulnerabilities to IT geek speak and a bunch of stuff in between, I hope there's something here for you:

The Value of Web Exploitation

Web Application Firewalls and the False Sense of Security They can Create

Not All Web Vulnerabilities Are What They Appear to Be

The One Web Security Testing Oversight You Don’t Want to Miss

IT Geek Speak and What Management Really Needs to Hear


Enjoy!

As always, check out principlelogic.com/resources for links to all of my information security whitepapers, podcasts, webcasts, books and more.
Read More
Posted in application firewalls, automated scanner oversights, careers, Kevin's security content, penetration testing, security leadership, security testing tools, web application security, web server security | No comments

Thursday, 10 May 2012

New video: The things my most secure clients have in common

Posted on 07:21 by Unknown

Read More
Posted in Kevin's videos, personal responsibility, risk management, security leadership, security management, thinking long term | No comments

Quote on reasoning with the unreasonable and why character is critical

Posted on 05:42 by Unknown
Be it executives with their heads in the sand over security or know-it-all propeller heads who can't see the big picture of business risk, I've found that you just can't reason with the unreasonable. Here's something that Robert Schuller said that underscores the issue and helps us understand why being the bigger person is most important:

"People are unreasonable, illogical and self-centered. Love them anyway. If you do good, people will accuse you of selfish ulterior motives. Do good anyway. If you are successful, you will win false friends and true enemies. Succeed anyway. Honesty and frankness make you vulnerable. Be honest and frank anyway."

Speaking of principles and character, I read a recent article by Larry Reed in the Atlanta Business Chronicle titled Character: Nothing is more important. This one piece sums up what I believe it truly takes to be successful in IT and information security. I especially like the part where Mr. Reed says "Integrity is more important than all the degrees you’ve earned, all the management courses you could possibly take, and all the knowledge that you could absorb on any subject." I couldn't agree more.


Focus on these things and you'll see that there's a vast conspiracy out there to make you successful.
Read More
Posted in careers, great quotes, information security quotes, personal responsibility, security leadership, stupid security, success, thinking long term | No comments

Thursday, 3 May 2012

Video: The (partial) solution to information security denial

Posted on 13:11 by Unknown

Read More
Posted in Kevin's videos, personal responsibility, security leadership, selling security, stupid security, thinking long term | No comments

The funny thing about iPhones & airplane toilets

Posted on 05:33 by Unknown
My Delta co-passengers and I recently had the opportunity to experience a near 1-hour flight delay due to, none other than, some dude dropping his iPhone into the aft toilet on our fancy Boeing 757. I'm not making this up...

Yep, there we were sitting at the gate and this guy comes up to the flight attendants to ask for some help getting his iPhone out of the crapper. Yuck! The captain got involved, and then maintenance, and then all the ensuing paperwork.

This incident reminded me of when the authorities shut down an interstate when some dude is threatening to jump from a bridge above. Imagine the economic impact. Few think about that...But thanks to the ever so brave maintenance man, the passenger ended up getting his "$900" iPhone back. He said he had insurance on it and needed it to be able to get a new one. Reasonable argument I suppose..if you're a hazmat kinda guy.

I feel for the poor sap at AT&T who takes it back not knowing where it's been.

I bring this up because it's a scenario that could very well play out in your enterprise. I'm not so sure that anything could be recovered from a phone after being immersed in a toilet...but you never know, especially if the phone has a Micro SD card for external storage (i.e. BlackBerry & Android-based devices).

Will your employees know what to do in this type of situation? Will it matter if the device is personally-owned versus business-owned? You need to develop a stance on this and integrate into your mobile security policy. Oh, and let everyone know about it. Will you need to enact any sort of incident response procedures or data breach notification (I can hear it now: "Sorry Mr. or Mrs. Customer, We've had a craptacular situation involving your data that you need to know about...").

It was a funny situation. Crappy jokes aside, this is certainly something to think about for your own business.
Read More
Posted in data breaches, data destruction, humor, incident response, mobile security, security policies, training, user awareness | No comments
Newer Posts Older Posts Home
Subscribe to: Posts (Atom)

Popular Posts

  • How you can get developers on board with security starting today
    Some people - including a brilliant colleague of mine - think security is not the job of software developers . In the grand scheme of things...
  • NetScan Tools LE - a must-have for investigators
    Have you ever had a need to run a program and get a relatively small amount of data just to do your job but end up getting caught in the com...
  • "Top Blogs" list & some home security considerations
    I think I may have found the first sign that my blog is growing and gaining some traction. I've made it to the Top 20 Home Security Blog...
  • Wooo...HIPAA audits are coming & the irony of KPMG's involvement
    I've always believed that compliance is a threat to business [hence why I help businesses take the pain out of compliance by addressing ...
  • Great tool for seeking out sensitive info on your network
    One of the greatest risks in business today is the issue of unstructured information scattered about the network waiting to be misused and ...
  • It's hard being human
    Cavett Robert once said something about character that resonates within information security - especially regarding ongoing management and l...
  • Dario Franchitti and I
    As many of you know I'm a motorsports nut -both as a driver and a fan. This provided the influence for my Security On Wheels logo. Well,...
  • The value of partial code scanning, now
    Check out my new piece on the business value of partial code scanning where I outline why it's better to start your source code analysi...
  • Be it in healthcare or infosec, the short term is for losers
    With all the doctor & hospital visits I've gone (and am still going) through with family members in the past few years, I've com...
  • Live from #RSAC: Cloud computing's got some kinks (but you knew that)
    I'm attending the RSA Conference this week and just sat through a panel discussion on cross-jurisdictional issues in the cloud. It was p...

Categories

  • active directory
  • application firewalls
  • APTs
  • aslr
  • atm security
  • audio programs
  • audit logging
  • automated scanner oversights
  • back to basics
  • backups
  • big brother
  • bitlocker
  • budget
  • business case for security
  • business continuity
  • BYOD
  • car hacking
  • careers
  • certifications
  • change management
  • checklist audits
  • cissp
  • clear wireless
  • cloud computing
  • communication
  • compliance
  • computer glitch
  • conferences
  • consulting
  • content filtering
  • cool products
  • cool sites
  • cross-site request forgery
  • cross-site scripting
  • csrf
  • customer no service
  • cybersecurity bill
  • data at rest
  • data breach laws
  • data breaches
  • data centers
  • data destruction
  • data leakage
  • data protection
  • data retention
  • database security
  • degrees
  • desktop management
  • disaster recovery
  • disk imaging
  • disposal
  • dns
  • document security
  • domino
  • DoS attacks
  • drive encryption
  • e-discovery
  • ediscovery
  • employee monitoring
  • encrypting data in transit
  • encryption
  • end point security
  • ethical hacking
  • exchange
  • experience
  • expert witness
  • exploits
  • facebook
  • FERPA
  • file integrity monitoring
  • firewalls
  • forensics
  • full disk encryption
  • global warming
  • goal setting
  • good blogs
  • government intrusion
  • government regulations
  • great quotes
  • hacking
  • hardware
  • hipaa
  • hitech
  • hitech act
  • home security
  • humor
  • identity access management
  • identity theft
  • IIS
  • incident response
  • information classification
  • information security quotes
  • intel
  • intellectual property
  • internal threat
  • java
  • Kevin's books
  • Kevin's interviews
  • Kevin's keynotes
  • kevin's panels
  • kevin's quotes
  • Kevin's security content
  • Kevin's seminars
  • Kevin's videos
  • laptop encryption
  • laptop security
  • legal
  • Linux
  • locking screens
  • low-hanging fruit
  • malware
  • marketing hype
  • message from Kevin
  • messaging security
  • metasploit
  • metrics
  • mobile apps
  • mobile security
  • motivation
  • multi-factor authentication
  • network analysis
  • network complexities
  • network protocols
  • network security
  • networking essentials
  • Novell
  • office
  • online backup
  • online safety
  • open source security
  • owasp
  • p2p
  • passwords
  • patch management
  • patching
  • pci 6.6
  • pci dss
  • PCNAA
  • penetration testing
  • people problems
  • personal responsibility
  • phishing
  • physical security
  • pii
  • podcasts
  • policy enforcement
  • politics
  • presentations
  • privacy
  • quality assurance
  • recommended books
  • recommended magazines
  • recycling
  • remote access security
  • ridiculous password requirements
  • risk analysis
  • risk management
  • rogue insiders
  • ROI
  • RSA 2012
  • running a business
  • saas
  • salary
  • scary stuff
  • sccm
  • sdlc
  • security assessments
  • security audits
  • security awareness
  • security committees
  • security leadership
  • security management
  • security operations
  • security policies
  • security policy
  • security scans
  • security standards
  • security statistics
  • security technologies
  • security testing tools
  • security tools
  • selling security
  • sharepoint
  • small business
  • smartphone security
  • SMBs
  • social media
  • software development
  • source code
  • source code analysis
  • special offer
  • SQL injection
  • sql server
  • ssl
  • storage security
  • student information systems
  • stupid security
  • success
  • telecommuting
  • testimonials
  • thinking long term
  • third-party applications
  • threat modeling
  • time management
  • training
  • twitter
  • uncool products
  • unstructured information
  • unstructured infromation
  • user awareness
  • vendors
  • virtual machine security
  • visibility
  • voip
  • vulnerability assessments
  • web 2.0
  • web application security
  • web browser security
  • web server security
  • webcasts
  • WebInspect
  • whitelisting
  • whitepapers
  • Windows
  • Windows 7
  • windows 8
  • windows 8.1
  • Windows Mobile
  • windows security
  • Windows Vista
  • wireless
  • wireless security
  • zero tolerance

Blog Archive

  • ►  2013 (35)
    • ►  November (3)
    • ►  October (3)
    • ►  September (1)
    • ►  August (2)
    • ►  July (3)
    • ►  June (1)
    • ►  May (4)
    • ►  April (4)
    • ►  March (4)
    • ►  February (5)
    • ►  January (5)
  • ▼  2012 (77)
    • ►  December (2)
    • ►  November (2)
    • ►  October (4)
    • ►  September (3)
    • ►  August (3)
    • ►  July (4)
    • ►  June (5)
    • ▼  May (9)
      • Thank a veteran
      • Real-life example of people not seeing the big pic...
      • New video: My take on #BYOD - It's something you c...
      • IT's malignant narcissism and what you can do to r...
      • Web application security assessment war stories
      • New video: The things my most secure clients have ...
      • Quote on reasoning with the unreasonable and why c...
      • Video: The (partial) solution to information secur...
      • The funny thing about iPhones & airplane toilets
    • ►  April (5)
    • ►  March (10)
    • ►  February (14)
    • ►  January (16)
  • ►  2011 (163)
    • ►  December (15)
    • ►  November (11)
    • ►  October (9)
    • ►  September (16)
    • ►  August (13)
    • ►  July (8)
    • ►  June (13)
    • ►  May (18)
    • ►  April (16)
    • ►  March (13)
    • ►  February (13)
    • ►  January (18)
  • ►  2010 (170)
    • ►  December (10)
    • ►  November (14)
    • ►  October (7)
    • ►  September (27)
    • ►  August (20)
    • ►  July (8)
    • ►  June (15)
    • ►  May (4)
    • ►  April (23)
    • ►  March (21)
    • ►  February (11)
    • ►  January (10)
  • ►  2009 (55)
    • ►  December (5)
    • ►  November (10)
    • ►  October (21)
    • ►  September (19)
Powered by Blogger.

About Me

Unknown
View my complete profile