Wednesday, July 15, 2009

One of the best infosec books ever written

I had the opportunity and pleasure to do the technical editing on this book by my friend and colleague Becky Herold:
The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives

This book is hands-down one of the best books out there on information security and why it matters to the business. Becky doesn't simply regurgitate the same old stuff either (not that I would expect her to). She has many original thoughts and great anecdotal stories to boot. You have to read it...and tell your CIO, CTO, and compliance manager about it as well. It should be required reading for anyone who underfunds, questions, or otherwise doubts the value of information security.

BTW, did I mention it's free? Just sign up with Realtimepublishers.com (a great source of IT and security content) and it's yours for the taking.

UPS sloppiness - How's this for document security?

I just went into a bathroom behind a UPS delivery guy. He left both his handheld computer and someone's overnight package sitting on the sink counter while he went into a stall. Anyone could've walked out with both and he'd never know who did it...This helps explain how packages go missing and subsequent breach notifications ensue.

Gives you the warm fuzzies about using UPS to ship sensitive documents, huh!?

Friday, July 10, 2009

Google's delusional, for now

I'm still out but read about Google taking on Microsoft in the paper and had to comment on it. So Chrome is now going to be a full-fledged OS taking on Windows 7. So they think they can take on Microsoft in the OS business!? Ha. I'm not going to hold my breath. Maybe once they get in bed with the hardware vendors and start forcing Chrome on buyers of new computers.

Chrome will be based on Linux...that's the *only* reason Google will get a jump start on this. Hey, maybe this will be the shot in the arm that Linux has been looking for.

Here's to yet another platform for more security vulnerabilities. Cheers!

Thursday, July 9, 2009

My latest security content

I'm taking this week off but I've scheduled this post of three (more) new articles I've written that you may be interested in:

How Windows 7 stands up to security tests

Using an encryption appliance for data backup security (podcast)

Data security concerns with online backup

As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more.

Tuesday, July 7, 2009

My latest security content

I'm taking this week off but I've scheduled this post of three new articles I've written that you may be interested in:

Networking to enhance your IT career

A compliance officer, secure network aren't enough for real compliance

Data retention policies and procedures for SMBs

As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more.

Saturday, July 4, 2009

What are you celebrating today?

For those of you in the U.S., Happy 4th of July! Proudly wearing my "Bill of Rights" shirt. I think my next purchase from one of my favorite stores, CafePress.com, is going to be this button:

Kudos to the men and women who have fought for our freedom and independence to this point - cheers to all of you out there who still believe in it.

Wednesday, July 1, 2009

The definitive secret to success in your job and career

It all comes down to this. I couldn't agree more.

"Eighty-five percent of the reason you get a job, keep that job, and move ahead in that job has to do with your people skills and people knowledge." - Cavett Robert

Tuesday, June 30, 2009

Tool to take the pain out of threat modeling

Can you tell I'm getting caught up on talking about some neat security tools worth checking out!? Well, here's another one: Amenaza's SecurITree that I first wrote about in my book Hacking For Dummies, 2nd edition. It's a decision support tool you can use to analyze specific threats to your business and the likelihood of attack. Threat modeling is something that many people do in their head "qualitatively" (or not at all) but SecurITree helps you do more detailed "quantitative" analysis so you can drill down into the specifics.

The following are some screenshots of SecurITree with a sample decision tree loaded for analyzing home burglaries:

SecurITree's main interface showing the sample attack tree:

Drilling down to edit specific node data:

The process gets pretty technical and it's not for the faint of heart, but the good news is that its built-in Help explains just what you need to know.

SecurITree's Help window:
If you need details on which threats matter and the level of risk your business is up against, and don't know where to start, you've got to check out SecurITree. The analysis can take some time, and as the folks at Amenaza admit, it isn't foolproof, but it could be well worth your investment.
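To make the "quantitative" part concrete, here is a small attack-tree evaluator I've added as an illustration. It is not SecurITree's code or Amenaza's sample data; it just shows the two calculations this kind of tool does behind the scenes: propagating attacker cost and success probability up through AND/OR nodes, and re-running the numbers after a countermeasure changes one leaf. The home-burglary tree, its node names and every figure in it are constructed for the example.

```python
import copy
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Node:
    """One node of an attack tree (constructed example, not SecurITree's model)."""
    name: str
    kind: str = "LEAF"          # "LEAF", "AND" or "OR"
    cost: float = 0.0           # attacker effort for a leaf step, arbitrary units
    p_success: float = 0.0      # chance the leaf step works if attempted
    children: List["Node"] = field(default_factory=list)


def cheapest_path(node: Node) -> Tuple[float, List[str]]:
    """Least-cost way to achieve the node's goal.
    OR: the attacker takes the cheapest branch; AND: every branch is needed, costs add."""
    if node.kind == "LEAF":
        return node.cost, [node.name]
    results = [cheapest_path(c) for c in node.children]
    if node.kind == "OR":
        return min(results, key=lambda r: r[0])
    if node.kind == "AND":
        total = sum(cost for cost, _ in results)
        steps = [step for _, path in results for step in path]
        return total, steps
    raise ValueError(f"unknown node kind {node.kind!r}")


def success_probability(node: Node) -> float:
    """OR: goal reached if any branch succeeds (branches treated as independent);
    AND: all branches must succeed."""
    if node.kind == "LEAF":
        return node.p_success
    ps = [success_probability(c) for c in node.children]
    if node.kind == "OR":
        p_all_fail = 1.0
        for p in ps:
            p_all_fail *= 1.0 - p
        return 1.0 - p_all_fail
    if node.kind == "AND":
        p_all_succeed = 1.0
        for p in ps:
            p_all_succeed *= p
        return p_all_succeed
    raise ValueError(f"unknown node kind {node.kind!r}")


def with_control(tree: Node, leaf_name: str, **changes) -> Node:
    """Return a copy of the tree in which one leaf's numbers are changed, which is
    how you model a countermeasure (a better lock, a sensor) without touching the original."""
    new_tree = copy.deepcopy(tree)

    def walk(n: Node) -> bool:
        if n.kind == "LEAF" and n.name == leaf_name:
            for attr, value in changes.items():
                setattr(n, attr, value)
            return True
        return any(walk(c) for c in n.children)

    if not walk(new_tree):
        raise KeyError(f"no leaf named {leaf_name!r}")
    return new_tree


def build_sample_tree() -> Node:
    """Constructed home-burglary tree; all names and numbers are made up for this example."""
    return Node("Burglar gets inside house", "OR", children=[
        Node("Enter through door", "AND", children=[
            Node("Pick or bump the lock", cost=40, p_success=0.3),
            Node("Defeat door alarm sensor", cost=60, p_success=0.5),
        ]),
        Node("Enter through window", "OR", children=[
            Node("Find unlocked window", cost=5, p_success=0.2),
            Node("Break window pane", cost=20, p_success=0.9),
        ]),
    ])


if __name__ == "__main__":
    tree = build_sample_tree()
    print("baseline:", cheapest_path(tree), round(success_probability(tree), 4))
    # Model a control: household habit of locking windows raises the attacker's
    # effort and drops the chance of finding one open.
    hardened = with_control(tree, "Find unlocked window", cost=25, p_success=0.02)
    print("with control:", cheapest_path(hardened), round(success_probability(hardened), 4))
```

Running it shows the cheapest route shifting from the unlocked-window leaf to breaking a pane once the first control is applied, while the overall probability barely moves; that is exactly the kind of "drill down" the tool is for, because it tells you the next control to evaluate is on the remaining window branch, not the door.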

While we're on the subject, check out this article I wrote on threat modeling.