You can't secure what you don't acknowledge.℠

Friday, September 4, 2009

My latest security content

My goodness - it's been over a month since I posted my latest security content... I've been so busy writing the stuff that posting the links has been put on the back burner. Good problem to have! Anyway, here's my latest:

Networking to enhance your IT career

Toeing the company line – is it good or bad for your IT career?

Security and compliance can go together, when done in the right order

Making sense of regulatory compliance and data storage for SMBs

Run encryption the right way to ensure wireless network security

Free Windows security tools every admin must have

Nine common password oversights to avoid

Secure your Windows systems with proper password practices

Secure Windows XP before a Windows 7 upgrade

Essentials of static source code analysis for Web applications

Secure data destruction options for old backup tapes and disk (a piece I contributed to)

Whew...I think that's it for now!

As always, be sure to check out all of my information security articles, podcasts, webcasts, screencasts, Twitter updates, and more.

Good info on balancing life and work

It's something I work on every day - trying to balance my personal priorities with my work priorities. Being an entrepreneur and a capitalist often conflicts with the responsibilities I have at home. But I've found that it can be done if you choose to do so. Here's a good bit on balancing life and work to get you rolling. Enjoy...and have a nice, long, relaxing weekend!

Wednesday, September 2, 2009

Interesting flaw in Sears' Web site all too common

Check out this bit about a security flaw recently revealed on Sears' Web site. As the researcher alluded to, hacking and security are way more than people exploiting known software flaws. There are so many other security issues with Web applications. I see it all the time when doing my manual analyses on Web sites/applications. The sky is the limit for these business logic vulnerabilities and I suspect it'll always be that way. I love being a consultant who performs Web security assessments - there's always something new and challenging!

Magazines going "green" - law of unintended consequences??

If you've been following me for long you know that I'm no fan of the religion of "global warming". That said, I'm all for each person taking responsibility and doing the little things that add up to protect the environment. You should see our recycle bin at home - it's a 40 gallon bin that gets filled up within 4-5 days. Then we have to wait another week for the recycling pickup while all the junk to be recycled stacks up. I digress, but you see my point.

Well, I'm also not a fan of magazine publishers doing away with their print rags - usually in the name of "going green" (I know that for some it's a matter of survival). Anyway, I just wanted to make it known to these publishers - Software Test & Performance comes to mind - that I used to read your magazines all the time at lunch during the week, at home on the weekends, on airplanes, etc. But now that you're sending them electronically, they're just getting mixed in with most of the other noise in email hell and eventually ignored and deleted. A big reason for this is that I don't like reading much more than a short article on the computer screen. The flickering of the LCD screen drives me nuts and wears my eyes out. If I do remember to read the issue you email me, I end up printing the pages I'm interested in.

How's that for the environment? Kinda defeats the purpose if you ask me. Maybe I just need to get a Kindle.

Sunday, August 30, 2009

Good summary of the new HIPAA rules

As you may know, the ARRA government growth bill signed into law by President Obama earlier this year contains something called the HITECH Act that brings a whole new meaning to the word "HIPAA". There's a lot of mixed information out there on the Web (no surprise), but I recently came across a page that lays out the essentials of the HITECH Act very clearly. Definitely worth checking out if your organization does business in/around the healthcare arena.

It's funny - back when I started my consulting practice I thought HIPAA was going to be all the rage. Having co-authored a book on HIPAA compliance, I have done quite a bit of work around it but nothing like I thought I would. I suspect that's going to change. HITECH not only establishes some pretty sharp teeth for HIPAA but it also brings a whole new era of compliance for business associates. You know - the businesses that were "supposed" to comply with the HIPAA privacy and security rules to begin with. It was something mandated by contract in the original HIPAA rules, but we've seen how well that worked out.

Don't get me started on risk management by contract... Someone signing a document promising to protect sensitive information is one thing, but what takes place in the real world is something else altogether!