I'm live at the RSA Conference and here are my thoughts on the first two keynotes along with why you need to come to this show.
Tuesday 28 February 2012
Monday 27 February 2012
Live from #RSAC: Cloud computing's got some kinks (but you knew that)
Posted on 10:36 by Unknown
I'm attending the RSA Conference this week and just sat through a panel discussion on cross-jurisdictional issues in the cloud. It was part of the Cloud Security Alliance Summit 2012.
Here's what I heard: there are tons of considerations around the management, access and even the e-discovery of personal data in the cloud...lots of variables and just as many things still up in the air. I'm convinced that being an information privacy and security savvy attorney is a solid - and likely the most lucrative - career path that IT professionals could take right now.
One of the audience members (apparently a founder of the Unified Compliance Framework) asked the panel why we needed yet another group (the Cloud Security Alliance) establishing yet another set of information security standards when 99.99% of everything that's being touted today is already part of some other regulation, standard or framework. I completely agree and didn't hear any compelling explanations...Everyone wants their piece of the pie I suppose.
Video: Seeing the big picture in information security
Posted on 07:13 by Unknown
Little has been written about this in the context of information security but it's something you've got to consider in every decision you make:
Friday 24 February 2012
CDW-TechTarget seminars are back this year - join me in Atlanta soon
Posted on 03:09 by Unknown
Great news - I'll be speaking at the CDW-TechTarget roadshows again this year! Our first show kicks off in Atlanta on March 13th and then we start zig-zagging across the country every few weeks until late September.
For most of the shows I'll be giving two presentations:
Adapting Your Old-School Network Security Agenda to Today's New-School Security Challenges
...and:
Ensuring Security Controls in an Anytime, Anywhere Access Environment
There will also be vendor expert sessions and a panel discussion at the end of the morning that I'll be moderating. You'll be out of there by lunchtime.
At a couple of the shows, we'll have two tracks running simultaneously so the day will be a bit longer (lunch included) and I'll be presenting an additional session titled Building Security (and Confidence) in the Cloud.
I hope you'll be able to join me. We got a lot of great feedback on these events last year and I know this year will be even better.
Check out the locations, dates and registration form here. There's no charge to attend if you're selected. See you in Atlanta in two and a half weeks!
Sunday 19 February 2012
Got compliance on your mind?
Posted on 13:53 by Unknown
I figured you did...it seems everyone does these days. However you look at compliance - be it a threat, a security enabler or just a pain in the rear-end - here are some new pieces I've written that may help:
Our dangerous overdependence on IT auditing
Compliance considerations when disposing old equipment
How Windows Server 8 can help with compliance
Enjoy!
Be sure to check out www.principlelogic.com/resources.html for links to all of my information security whitepapers, podcasts, webcasts, books and more.
Monday 13 February 2012
Is it really possible to get users on board with security?
Posted on 17:02 by Unknown
I think so. Here's how.
I don't think that user awareness and training is THE answer to information security like many others believe. I do know that you shouldn't let another year pass without getting your users on board with what you're doing.
Sunday 12 February 2012
SQL injection cheatsheet & tips for getting management on board
Posted on 16:41 by Unknown
Here's a neat "cheatsheet" on SQL injection by NTObjectives that outlines some common attack strings, commands and so forth. Their SQL Invader SQL injection tool is worth checking out as well.
If you're having trouble selling management on the dangers of SQL injection, check out this piece I wrote about it not long ago:
SQL Injection – The Web Flaw That Keeps on Giving
Ten Ways to Sell Security to Management
Happy hacking!
Friday 10 February 2012
Video: The one infosec skill you need to be working on
Posted on 05:55 by Unknown
Develop and maintain this one skill and you'll position yourself to be a much more valuable information security professional:
Posted in careers, compliance, Kevin's security content, Kevin's videos, legal, security leadership
Thursday 9 February 2012
Video: My new whitepaper on advanced malware and how Damballa Failsafe fits in
Posted on 08:31 by Unknown
Introduction to the threat we're facing and my new whitepaper The Malware Threat Businesses are Ignoring and How Damballa Failsafe Fits In:
Posted in cool products, hacking, Kevin's security content, Kevin's videos, malware, scary stuff, whitepapers
Wednesday 8 February 2012
Video: My new whitepaper on SQL Server security threats & compliance
Posted on 11:30 by Unknown
Check out my new whitepaper The SQL Server Security Threat - It's closer than you think sponsored by Idera:
What's it going to take for police departments to secure their websites?
Posted on 09:20 by Unknown
Here's yet another story about a police department website being compromised by criminal hackers. When a regular citizen's home address is exposed, that's one thing. But when the addresses of police chiefs are published online, that opens up an entirely new set of risks for their personal safety. Sad. Hey, at least the police chiefs I know are armed and well-trained experts. Would be pretty foolish to try and attack them on their home turf.
As I've mentioned before, you have to test ALL of your websites - marketing site, everything. If it's got an IP address or a URL it's fair game for hacking.
Introducing my information security YouTube channel - PrincipleLogic
Posted on 04:49 by Unknown
Check out my new YouTube channel (www.youtube.com/PrincipleLogic):
I'm really excited about this. More videos coming soon.
I plan to post video blogs once or twice a week so be sure to subscribe on YouTube or via my RSS feed.
Enjoy!
Tuesday 7 February 2012
If we can't even get beyond our own unhealthy lifestyles...
Posted on 04:57 by Unknown
I'm a true believer in maintaining a healthy lifestyle. Exercising, eating well and so on. There's that equation that all of us are well aware of: burn more calories than you take in and you'll lose weight. Then, once we get to our ideal size, we just need to maintain a good balance of calories and exercise and we're golden. Sounds simple enough.
I subscribe to a couple of different health-related newsletters from Consumer Reports and the Mayo Clinic and, putting the occasional new research aside, it seems the content in these newsletters is mere rehashing of the exercise more, eat less way of life. The health experts claim that's how most of us, by and large, will stay healthy. Makes sense to me.
The thing is, I'm not as healthy as I could be and I know we have a serious obesity and diabetes problem in America and other parts of the world. Unhealthy people are everywhere. But where's the breakdown?
With everything else being equal (socioeconomic status, self-esteem, genetics and the like) we get busy. Life gets in the way. We've got jobs, kids and all the other things of adulthood that we're now responsible for (and often feel woefully unprepared for, right!?). Even the people with the greatest intentions of being healthy can't seem to maintain a healthy lifestyle. [notice how the New Year's Resolutions are fading away and gyms are thinning out now that it's February?]
I look at this issue and wonder to myself, how can we possibly expect people (management, regular employees, IT staff - whoever) to give their best to information security when these same folks struggle to assess risks related to their own bodies? Our health is all we've got. If we can't take that seriously, I'm not so sure we're ever going to get true buy-in and support for something as seemingly unimportant as information security.
Like how automobile safety has evolved over the decades, maybe things will come around and we'll start seeing truly "healthy" information security initiatives. The human mind is complex. It's a long road ahead. I remain hopeful.
Monday 6 February 2012
My new material on Web application & website security
Posted on 13:24 by Unknown
Here are several new pieces I've written on Web site/application security. Lots of angles and considerations:
There’s more to web security than meets the eye
Web passwords are often the weakest link
To validate or not, is that the question?
Protecting FTP services running on your Web server
The critical Web-based systems that are going untested and unsecured
Good Web Security Tools and Why They Matter
Why you need intruder lockout
Web security is like the layers of an onion
And, probably my favorite (a big, big security oversight):
You need to test your marketing site too!
Enjoy!
You know the deal....Be sure to check out www.principlelogic.com/resources.html for links to all of my information security whitepapers, podcasts, webcasts, books and more.