Toolbox for IT
 
 

Adventures in Security
by Tom Olzak (Director, Information Security)

 
Report Card: Incident Response - A, Security Management - D
This appears to be another example of disregard for fundamental security practices.
Posted 11/18/2008
It's all about getting the job done, unfortunately
Managers expect users to meet certain performance levels. Users, being human, do whatever it takes to meet management's expectations. So why, when we don't provide an alternative, do we bemoan continued bad behavior?
Posted 11/17/2008
AVG does the right thing (Updated)
Although I still believe AVG was careless with their recent release, I respect their willingness to put "some skin in the game."
Posted 11/14/2008
Don't just stand there... do something!
At some point, we the users of vulnerable technologies need to tell the “experts” to stop posturing and just do the right thing.
Posted 11/12/2008 / Comments (1)
AVG hoses user32.dll
AVG tries to whack legitimate software for the second time in less than a month.
Posted 11/11/2008 / Comments (1)
Intelligence information left on public hotel computer
Organizations are pressured every day to provide remote users with access to sensitive data. Allowing storage of information on portable storage devices and use of hotel business centers (i.e., computers and printers for guest use) is part of the solution--and part of the problem.
Posted 11/10/2008 / Comments (1)
Sinowal Trojan dwarfs common data stealing operations
The Sinowal Trojan is at 500,000 identities and growing.
Posted 10/31/2008 / Comments (1)
DriverScanner: Keep your drivers up to date while managing incompatibilities
Keeping drivers up-to-date can be a hit-or-miss hassle, involving performance issues or driver compatibility problems which cause the target system to crash. DriverScanner can help.
Posted 10/28/2008
A breach by any other name...
Sometimes the spin makes me dizzy. Take, for instance, an incident which occurred in the U.K. recently.
Posted 10/21/2008
Protect and control system management and monitoring systems
Vendor and production teams will install management and control systems and expect to connect to your network. Blocking this is not an option. Instead, prepare to manage and protect this technology and the connected business network.
Posted 10/14/2008
And the next administration will be just as secure as this one...
There is one constant on which we can always rely--the people involved in running the U.S. government are clueless about information security.
Posted 10/7/2008 / Comments (4)
robots.txt is NOT a security control
Sitting in a meeting the other day, my mind hoisted a little red flag when I heard someone say the robots.txt file was a good security control. Not only is it not a security control, it also doesn’t add much value beyond helping control which search engines get to index your Web sites and what they...
Posted 9/30/2008 / Comments (2)
DLP: Technology wins over reliance on human perfection... every time
Company management recognizes it is responsible to prevent data leaks. Someone throws an encryption solution at the users, washes their hands, and claims organizational responsibility has been demonstrated. Sound familiar?
Posted 9/23/2008 / Comments (1)
Overcome the e-discovery and DLP .PST challenge
.PST files are convenient storage for users, but bad news for DLP control and e-discovery processes. Here's how to deal with them.
Posted 9/16/2008
Are we asking the right questions often enough?
An increase in management's awareness of the importance of information security has come with a commensurate willingness to approve budget requests for security controls. But are security managers targeting the right challenges? Are they asking the right questions?
Posted 9/9/2008
Safely providing anywhere, anytime network access
Today's business user often needs remote access to email, documents, or other business information, even when a business-supplied laptop or desktop is available. This need for secure anytime, anywhere access to business information comes with its own complete set of challenges. But reasonably...
Posted 9/2/2008
A pox upon your network...
It’s human nature to answer a challenge, especially if the adversary is remote, unseen, and will probably never meet you in the lists. However, taking up the virtual gauntlet when phished has consequences.
Posted 8/26/2008
More security often means lower costs
People often miss one of the biggest selling points about security--cost reduction. This is the problem with comments in a recent article in Dark Reading.
Posted 8/26/2008
It is, too, cyberwarfare... no it isn't... yes it is...
Cyberwarfare. Does it exist or is it a fabrication by doomsayers, conspiracy hounds, and alarmists? And how do we define it? Does a central government have to be directly involved, or is it enough for a country’s leaders to bolster radical nationalism while ignoring unethical or illegal...
Posted 8/19/2008 / Comments (1)
The facts about IP security
The Center for the Protection of National Infrastructure (CPNI) in the UK has published a report describing weaknesses in the Internet Protocol.
Posted 8/15/2008 / Comments (1)
 

About This Blog

Commentary, reviews, and tips relevant to anyone responsible for information security. Including how to build and manage a...more
 
 

Adventures in Security Resources

Just Enough Security, Print Edition
 
 

 
 
 
 

 
 
 
 
Copyright 1998-2008 CEB Toolbox, Inc. All rights reserved. All product names are trademarks of their respective companies.
CEB Toolbox, Inc. is not affiliated with or endorsed by any company listed at this site.