You can't secure what you don't acknowledge.SM

Friday, November 20, 2009

I need your help *today* Friday Nov 20th

You may already be aware of TechTarget's IT Knowledge Exchange. It's a great place to ask questions and/or establish yourself as an expert.

Anyway, I just realized that today's the last day to nominate another member [subliminal message]Kevin Beaver
[/subliminal message] for their Panasonic 42" TV giveaway. Someone you know [subliminal message]Kevin Beaver[/subliminal message] is in the running and could really use your help.

So what's in it for you? When you nominate someone
[subliminal message]Kevin Beaver[/subliminal message], you get a chance to win one of five $20 Amazon gift cards they're giving away. Hardly anyone has voted so your odds of winning are really good! And, by signing up you can become part of a good community of folks - good for networking, good for your career.


"Computer glitch" always to blame for someone's bad choices

Here's my two cents on the people failure - I mean "computer glitch" - at Atlanta's Hartsfield airport yesterday. Gotta blame something...

Hartsfield outage: "Computer glitch" or FAA "people failure"?

Thursday, November 19, 2009

I could've sworn we had this thing called HIPAA

Remember way back in April of 2005 when the HIPAA Security Rule went into effect? Well apparently some healthcare providers didn't get the memo. Big blow to Health Net.

So, no reasonable security controls to meet the HIPAA requirements much less no encryption of mobile storage devices? Seriously people: what is it going to take to encrypt mobile drives!!??

I'm not a fan of BitLocker in the enterprise and not sure how big Health Net is but, heck, they could've at least considered it!

Golly...I think I get so fired up about this stuff because it affects us all so personally. Furthermore it's, um, common knowledge that big security breaches will and do occur on a daily basis.

Monday, November 16, 2009

So, certification is what's best for your career, huh?

Per Microsoft Learning's director: "We see the trend increasing that individuals are making the decision that what is best for their careers is to be certified"...Completely disagree. Read the news column...Can you see the hidden message?

Here's what's best for your information security career...substance, not certification. Ooh, maybe I should trademark that. ;-)

BitLocker and Windows 7 – Things you need to consider

I was recently asked to write a whitepaper on considerations for Bitlocker in Windows 7. While doing my initial research I learned a lot about BitLocker and discovered some new ideas and approaches for managing sensitive data. In this whitepaper I cover:
  • Why data encryption matters
  • BitLocker’s new features in Windows 7
  • Operational concerns you need to think about
  • Usability issues that can create problems
  • Potential compliance and security gaps you don’t want to overlook
…and more.

We know the security threats we’re up against. We understand the value of data encryption. And odds are Windows 7 is going to be the next big operating system at the desktop. Taking these things into consideration, we’ve got a long way to go in order to get our arms around protecting sensitive data – especially on mobile devices such as laptops, netbooks, and external drives.

Knowing how the marketing beast tries to pull us in one direction and seemingly critical technical issues in the other, we often overlook which way is best for the business. After all, that’s what security decisions need to be based on. You have to look at your business operations, politics, staff expertise and so on with a critical eye and ask yourself what’s going to be the best data encryption solution overall.

I’m a big advocate of using what you’ve got before you go out and spend even more money on third-party security products to gain the control and visibility you need. I see it all the time. Managers complain that security’s too difficult or expensive all the while they’re not even using their built-in operating system controls – controls that can go a long way towards keeping things in check. But just because something is built in and “free” doesn’t mean it’s the best fit or suitable for the business.

I’ve come to the conclusion that many businesses – arguably the majority – are not anywhere close to being where they need to be with security and especially data encryption at the workstation. Microsoft isn’t necessarily coming to the rescue with BitLocker in Windows 7 either.

Some good old-fashioned research and planning is in order if you’re going to get your arms around data encryption and truly minimize your business risks in this compliance-driven world we work in. This means understanding the facts and thinking long term about how your decisions on emerging technologies will impact your business both now and down the road. My whitepaper Considerations for BitLocker in Microsoft Windows 7 will help you get the ball rolling.