As Mike Rothman (the Pragmatic CSO) wrote yesterday on “Incrementally Getting to Secure Code“, there are a lot of Security Managers (and/or CSO’s) who have inherited a big mess of legacy systems and infrastructure. You can’t hope to put a program in place instantaneously, especially not when you don’t have a budget for new systems. Some systems may have big holes that won’t be patched for a while. Where do you start?
Continue Reading »
My mind generates the most creative ideas when it is supposed to be working on important Client problems. Most of them are so far out, you’re not missing much if I don’t write about them. But this one intrigues me with its possibilities… and maybe some downside risks.
Imagine that you are a single parent of a teenager, and she has to work the late shift at a fast-food restaurant. She doesn’t want to bother anyone for a ride, because she only lives a mile away. She disappears somewhere between work and home. The parents’ worst nightmare happened, in just this way, on September 8, 2005 in Ottawa. Continue Reading »
Like it or not, the sad reality is that the insider threat exists in virtually all organizations. Given the right set of circumstances, almost anyone can yield to temptation. In my view it takes a combination of Policies, Awareness, Risk Analysis, Preventative and Detective Safeguards, Audits and Sanctions, as a minimum to be able to say you have done any kind of due diligence in securing your organization’s information. Take any of the recent daily news stories (as they start to become non-News), such as the Texas baby kidnapping, or the Tampa airline firearms smuggling… Continue Reading »
I don’t know of too many people who don’t have machines connected to the Internet at home. So, this applies to most of us. While many of us are doing our best to keep our enterprise security environments safe, many just don’t treat our home environments with the same respect. Michael Santarcangelo, the Security Catalyst, has started a podcast series aimed at helping us get our home computing environments in order. Good job, Michael. I listened to the first one last night, and it’s definitely a good thing for home users to follow this series as it gets published.
Check it out at: Security Catalyst
