Monday, May 28, 2012
Thank a veteran
Saw this, unsure who wrote it, but I really like it:
- It is the veteran, not the preacher, who has given you freedom of religion.
- It is the veteran, not the reporter, who has given you freedom of the press.
- It is the veteran, not the poet, who has given you freedom of speech.
- It is the veteran, not the protester, who has given you freedom to assemble.
- It is the veteran, not the lawyer, who has given you the right to a fair trial.
- It is the veteran, not the politician, who has given you the right to vote.
- It is the veteran, who salutes the Flag, who serves under the Flag, whose coffin is draped by the Flag.
Monday, May 21, 2012
Real-life example of people not seeing the big picture
The inability to think long-term, to see the bigger picture consequences of our choices, is no doubt at the root of most information security problems. Here's an example of what I'm talking about...what's wrong with this car?
No, this isn't a race car with Hoosier racing slicks...it's a street car owned by someone working or shopping at a Wal-Mart who has chosen to drive with improper equipment. Like many people who choose to ignore information security problems, this poor sap won't know what hit him the next time he crosses standing water during a downpour.
We must think before we act or we're doomed to endure the consequences of our choices.
Friday, May 18, 2012
Tuesday, May 15, 2012
IT's malignant narcissism and what you can do to rise above the noise
IT department optimism does not translate into IT department budget. That's what Jonathan Feldman wrote about in this Information Week piece. Their study provides lots of interesting insight into how many working in IT see things compared to, well, the rest of the business. I'm not surprised.
While we're on the subject, I've recorded a video on IT's role in fixing this problem and wrote a new piece for TechTarget's SearchWinIT.com site on why understanding management gets your IT department what it needs.
If you're going to move ahead - heck, even just survive - in IT, it's critical to understand how the desire for gain or the fear of loss is at the basis of every "sale" you make. Stop thinking of yourself as an IT person and, instead, think of yourself as a business professional who's helping the business move forward and accomplish its goals by leveraging IT.
Friday, May 11, 2012
Web application security assessment war stories
I spend a lot of time performing Web security assessments and every project is a neat learning experience for me. I'm always eager to share my Web security war stories, including what to do and what NOT to do, so here are some new pieces you may be interested in. From exploiting Web vulnerabilities to IT geek speak and a bunch of stuff in between, I hope there's something here for you:
The Value of Web Exploitation
Web Application Firewalls and the False Sense of Security They can Create
Not All Web Vulnerabilities Are What They Appear to Be
The One Web Security Testing Oversight You Don’t Want to Miss
IT Geek Speak and What Management Really Needs to Hear
Enjoy!
As always, check out principlelogic.com/resources for links to all of my information security whitepapers, podcasts, webcasts, books and more.
Thursday, May 10, 2012
Quote on reasoning with the unreasonable and why character is critical
Be it executives with their heads in the sand over security or know-it-all propeller heads who can't see the big picture of business risk, I've found that you just can't reason with the unreasonable. Here's something that Robert Schuller said that underscores the issue and helps us understand why being the bigger person is most important:
"People are unreasonable, illogical and self-centered. Love them anyway. If you do good, people will accuse you of selfish ulterior motives. Do good anyway. If you are successful, you will win false friends and true enemies. Succeed anyway. Honesty and frankness make you vulnerable. Be honest and frank anyway."
Speaking of principles and character, I read a recent article by Larry Reed in the Atlanta Business Chronicle titled Character: Nothing is more important. This one piece sums up what I believe it truly takes to be successful in IT and information security. I especially like the part where Mr. Reed says "Integrity is more important than all the degrees you’ve earned, all the management courses you could possibly take, and all the knowledge that you could absorb on any subject." I couldn't agree more.
Focus on these things and you'll see that there's a vast conspiracy out there to make you successful.
Thursday, May 3, 2012
The funny thing about iPhones & airplane toilets
My Delta co-passengers and I recently had the opportunity to experience a near 1-hour flight delay due to, none other than, some dude dropping his iPhone into the aft toilet on our fancy Boeing 757. I'm not making this up...
Yep, there we were sitting at the gate and this guy comes up to the flight attendants to ask for some help getting his iPhone out of the crapper. Yuck! The captain got involved, and then maintenance, and then all the ensuing paperwork.
This incident reminded me of when the authorities shut down an interstate when some dude is threatening to jump from a bridge above. Imagine the economic impact. Few think about that...But thanks to the ever-so-brave maintenance man, the passenger ended up getting his "$900" iPhone back. He said he had insurance on it and needed it to be able to get a new one. Reasonable argument, I suppose...if you're a hazmat kinda guy.
I feel for the poor sap at AT&T who takes it back not knowing where it's been.
I bring this up because it's a scenario that could very well play out in your enterprise. I'm not so sure that anything could be recovered from a phone after being immersed in a toilet...but you never know, especially if the phone has a Micro SD card for external storage (i.e. BlackBerry & Android-based devices).
Will your employees know what to do in this type of situation? Will it matter if the device is personally-owned versus business-owned? You need to develop a stance on this and integrate it into your mobile security policy. Oh, and let everyone know about it. Will you need to enact any sort of incident response procedures or data breach notification? (I can hear it now: "Sorry Mr. or Mrs. Customer, we've had a craptacular situation involving your data that you need to know about...")
It was a funny situation. Crappy jokes aside, this is certainly something to think about for your own business.