You can't secure what you don't acknowledge.℠

Wednesday, November 11, 2009

Responsibility becoming a thing of the past?

Here's a great post from Neal Boortz regarding holding people responsible for their choices. It's very simple to blame something inanimate instead of fixing the real problems. Like blaming malware for security breaches...

Practically everything in life and business can be traced back to choice - that's why we have to use it wisely.

Tuesday, November 10, 2009

M-W's Word of the Day very fitting

I subscribe to Merriam-Webster's "Word of the Day" and saw today's word is rectify. Here's the example sentence they used:

"The night before the Web site was to go live, the programmers worked frantically to rectify several unresolved security problems."

Too funny! ...and sadly, all too common. Hey, at least they were working to fix the security issues before it went live! ;-)

Monday, November 9, 2009

Have you thought about business continuity metrics?

Either way, here's a good set of business continuity metrics worth checking out. Something that's sorely missing from many plans...that is, where plans even exist.

Sunday, November 8, 2009

The real deal with the SSL/TLS flaw

Over the past few days Twitter, security blogs, and news columns have been going crazy with the newly discovered SSL/TLS flaw. Man, you'd think it's the next WEP exploit discovery. The security sky is falling...we must retreat.

Seriously, is this thing a big deal? Not in my opinion - at least not in all but 99.9% of any given situation. But what do I know? I'm just the security guy that sees network shares sharing out entire drives full of sensitive files, firewalls with default configurations and no passwords, smartphones without a trace of security enabled, laptops with supposedly "nothing of value" that end up having thousands of PII records yet no semblance of drive encryption, database servers without passwords, physical security cameras and data center control systems with default passwords that anyone on the network can mess around with, operating systems missing critical patches that are easily exploited using free tools, Web sites/apps with gobs of XSS and weak authentication controls, and on and on and on and on.

If you want to pick nits and chase the rabbit down the infinite path of limited return, sure, it's a big deal. Otherwise, chances are you've much bigger issues on your hands.