My thoughts on why you need not worry about how people address you. [Hint: it's not about you.] There are bigger things to be concerned with.
Saturday 31 March 2012
Wednesday 28 March 2012
This is your crazy JetBlue captain speaking
Posted on 04:24 by Unknown
Anyone is capable of doing anything...that's what comes to mind when I think about the JetBlue captain going mad on a flight yesterday. Here's what I know...Just because someone has passed a background check, has good references and has created a good track record for himself doesn't mean he's not capable of flying off the hook and doing bad things. This applies to pilots as in this situation and it applies to your own users when it comes to information security.
Sadly, as with doctors, law enforcement officers and the like, we typically hold pilots on pedestals without question. These are the people we look up to assuming they're well put together and always doing good things. This is not always true. We have to trust, but verify...yet still, we never really know. I'm just glad the JetBlue co-pilot and passengers executed a worthy backup plan. Great reminder we always need a Plan B...especially today if you work in JetBlue's PR department.
Posted in incident response, internal threat, risk analysis, scary stuff, user awareness
Thursday 22 March 2012
Don't underestimate the value of firewall rulebase analysis
Posted on 09:16 by Unknown
Are firewalls sexy? No...but you must understand that they're an integral part of your overall information risk equation. From configuration flaws to rulebase anomalies to overall system inefficiencies, your firewall rulebases can make or break security, business continuity and other critical parts of your IT operations.
Last week, AlgoSec's Nimmy Reichenberg and I recorded a webinar titled How to Automate Firewall Operations, Simplify Compliance Audits and Reduce Risk that you may want to check out. It's not salesy or filled with marketing fluff. It's more of us having a conversation about some common firewall security and management oversights and what needs to be done to rein in the problems.
I'm a believer in firewall rulebase optimization. I've seen mis-managed and undersecured firewalls do everything from take down an entire enterprise's operations for hours on end to making critical network flaws open to the outside world. I'm working on such projects right now and I'm pretty sure every network - every firewall - that hasn't been properly reviewed and that isn't being properly managed has these same risks present at this very moment.
Check out our discussion and see if you think there's a fit for better firewall oversight in your enterprise. You can't change what you tolerate in IT...acknowledge the issues that are hidden in your environment and vow to do something about them once and for all.
An interesting Microsoft tool to help with data classification
Posted on 07:54 by Unknown
Have you ever heard of Microsoft's Data Classification Toolkit for Windows Server 2008 R2? Me either. But it may be worth taking a look at. The lack of data classification and proper retention is at the core of many IT risks not to mention legal and compliance issues. You can't secure (or protect, or retain, or dispose of) what you don't acknowledge.
If the Data Classification Toolkit is anything like Security Compliance Manager, it may well be worth checking out. It's free...and if you don't have any other tools or means to get your arms around data classification, why not start with it? Could provide a good segue into better security controls as a whole.
Monday 19 March 2012
Neat tools to seek out sensitive files on laptops & websites
Posted on 18:51 by Unknown
"Oh yeah, I forgot about all of those files." I've never had a security tool lead to these predictable words regarding sensitive files being stored on unencrypted laptops as much as Identity Finder has. You may have seen Identity Finder in my previous post and related articles and presentations where I've mentioned or demonstrated it. Identity Finder is a commercial product that IT and information security professionals can use to uncover files that are at risk on under-protected laptops - even the entire enterprise.
Here's a quick peek at what Identity Finder can uncover on a laptop:
Pretty eye-opening, huh? Especially if you find all of this information on an unencrypted laptop.
Check out Identity Finder. It's one of those good bang for the buck tools that can help you with information discovery, classification, leakage prevention or just to simply make the case that PII or intellectual property are not being protected the way they should be.
There's a related tool I recently came across that you should check out as well called FOCA. FOCA (more specifically FOCA Free) is a data gathering tool you can use to seek out sensitive files on websites you may be testing. It's got a few little quirks but, compared to so many other free tools I try, it actually works. Here's a screenshot of its interface:
I'm convinced that those of us in IT and infosec are no different than surgeons, carpenters or race mechanics. If we don't have the right tools for the task, we're not going to accomplish all we need to accomplish. Consider adding Identity Finder - and FOCA - to your arsenal. They can't hurt!
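The kind of discovery these tools do, shown as an added example rather than Identity Finder's own code: walk a directory, count SSN-shaped and Luhn-valid card-number-shaped strings per file, and report only locations and counts so the scan's own output is not another copy of the sensitive data. The patterns, file extensions and the sample text are assumptions constructed for the example.

```python
import os
import re

# Candidate patterns. The card pattern is deliberately loose; the Luhn check below
# removes most random digit runs that merely look like a card number.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_text(text: str) -> dict:
    """Return counts per data type; values themselves are never returned or logged."""
    cards = 0
    for m in CARD_RE.findall(text):
        digits = re.sub(r"[ -]", "", m)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            cards += 1
    return {"ssn": len(SSN_RE.findall(text)), "card": cards}


def scan_tree(root: str, exts=(".txt", ".csv", ".log")) -> list:
    """Walk `root` and return (path, counts) for every file with at least one hit."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    counts = scan_text(fh.read())
            except OSError:
                continue            # unreadable file: skip, do not abort the scan
            if any(counts.values()):
                hits.append((path, counts))
    return hits


# Constructed sample: one SSN, one Luhn-valid test card number, one digit run that fails Luhn.
SAMPLE_TEXT = "Customer 123-45-6789 paid with 4111 1111 1111 1111, ref 1234 5678 9012 3456"
```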
Thursday 15 March 2012
Flaws, compliance and the Cybersecurity Act of 2012
Posted on 02:11 by Unknown
Here are some new pieces I've recently written that you may be interested in...big things in security we need to have on our radar:
Six Security Flaws on Your Network Right Now
Find the Most Flaws By Balancing Automated Scans with Manual Analysis
Compliance is just the beginning
New and not-so-new security twists in the Cybersecurity Act of 2012
Enjoy!
Be sure to check out www.principlelogic.com/resources.html for links to all of my information security whitepapers, podcasts, webcasts, books and more.
Wednesday 14 March 2012
My upcoming webcast with Checkmarx: How to Use Source Code Analysis to Improve Information Security
Posted on 10:32 by Unknown
Join me next week, Thursday March 22, for a quick webcast where I'll be co-presenting on the topic of source code analysis and how it can improve your information security over time.
I'm convinced that source code analysis is one of the missing links in the overall security process. As I say all the time: you cannot secure what you don't acknowledge. Ignoring security flaws at the source can be bad for business. Performing source code analyses, I've found Web application flaws like hard-coded cryptographic keys and password strings, SQL injection and file manipulation...none of which external penetration testing tools uncovered.
This stuff is important. We're only asking for 30 minutes of your time. I hope you'll join us. You can register here.
My Atlanta CDW/TechTarget seminar
Posted on 10:10 by Unknown
We had a friendly and larger than expected crowd at our CDW/TechTarget information security seminar yesterday. Thanks to those who came out!
My favorite part of these events is learning new ideas from the participants and the other speakers. In this ever-changing world in which we work, it's hard to keep up and there's certainly no way to know it all. Every little nugget helps.
Looking forward to an even better event next week in Chicago!
Friday 9 March 2012
My upcoming webcast on firewall management
Posted on 08:36 by Unknown
Join me and AlgoSec's Nimmy Reichenberg next week for a unique discussion on strategies for improving firewall management.
We all know it's the elephant in the room...Today's enterprises have firewalls that are so complex and so fragile yet no one's really taking care of them. Any processes that do exist around rule management, rule changes and firewall risk analysis are often manual - and oh so painful.
I know, I know, firewalls are not all that sexy any more. And why bother them if they're running well and doing what they need to do?
It's not that simple...From strategies to lessons learned, Nimmy and I will share with you just what you need to know to get your firewall house in order. Will you join us? It'll just take an hour of your time and the payoffs can be tremendous.
Check out the following link for more info and to register:
5 Strategies to Improve Firewall Management: How to Automate Operations, Simplify Compliance Audits and Reduce Risk
Hope to "see" you there next week!
Thursday 1 March 2012
My final takeaway from #RSAC
Posted on 05:32 by Unknown
I said my farewell to the RSA Conference Tuesday evening but had some final thoughts about the show that I wanted to share with you.
In addition to the keynotes I talked about, I attended a mock trial session involving malware, a digital certificate acquired for ill-gotten gains, and a healthcare company that ignored all things HIPAA (heard that a million times!) as well as a session by HP's Jacob West (an excellent presenter if you ever get a chance to see him) on mobile application security. Both were very well presented.
I had a chance to mingle with long-time colleagues and clients (many of whom I met in person for the first time) on the show floor. It was also neat to see my book in the RSA bookstore - very humbling seeing it mixed in with some of the big sellers in our field.
Here's my big takeaway from everything that I saw and heard...it's something you've heard me say before and I'll continue saying it until I retire. It was echoed in every presentation I attended and every bit of marketing literature I read. Be it the overall network, databases, mobile apps, people - whatever - you cannot secure what you don't acknowledge. And so many of us are not acknowledging all the things that matter. So step back, see the big picture, fix the low-hanging fruit (the home-runs), put the proper tools and processes in place and then dig in further over and over again...never letting up.
Overall a really cool experience...you've got to go to the RSA Conference next year if you can.