You can't secure what you don't acknowledge.SM

Friday, March 4, 2011

My upcoming information security speaker roadshow

Thanks to TechTarget and CDW, starting this month I'm embarking on an 11-city speaking tour across the U.S. Along with my colleague Pete Lindstrom, we'll be speaking/ranting about all sorts of network security and data protection stuff, including:

Embedding Security into the Network—Building Defense in Depth
  • Securing your Presence at the Perimeter: Contrary to Popular Belief, you do still have a Network Perimeter
  • Locking Down Server and Workstation Operating Systems: A Critical Component of Your Network Security Strategy
  • Mobile Security Blunders and What You Can Do About Them
Data Protection and DLP—Compliance and Technology Update
  • Weighing Information Asset Value and Risk to the Organization
  • Making the Case for an Investment in Data Loss / Leakage Prevention
  • Leveraging the Benefits of Encryption and Rights Management
I hope you can join us at these no-cost events, which should be both informative and fun. Check it all out and register here.

Wednesday, March 2, 2011

Data breach statistics show that problems still exist

Have you checked out the Chronology of Data Breaches lately?

...Very interesting stats on known data breaches. I peruse the site every now and then, and it seems that every time I do there's an organization that 1) I've done business with (for personal stuff) or 2) as in the case of MicroBilt Corporation's breach posted last week, they're right down the road from me.

Does the six degrees of separation law apply to data breaches as well?

Two career essentials: time management & hands-on experience

If I had to choose two things that IT and information security pros need to focus on more than anything else, it'd be learning how to manage your time and continually fine-tuning your technical skills.

Well here are two pieces I wrote for that that delve into these topics:

Time management strategies for the IT pro

Low-cost ways to get the IT skills you need

...learn these skills and practice them over and over again and you'll be amazed at what you can accomplish in your career.

My roundtable tomorrow on the state of IT compliance

Join me and my colleagues/friends Becky Herold (The Privacy Professor) and Scott Woodison (security manager extraordinaire) on tomorrow at 2pm ET where we'll be talking about:
  • Compliance vs. managing information risks - there is a difference
  • Common compliance-related mistakes
  • Recent changes to information security and privacy regulations and how they affect you
  • Recommendations on what your business can do to get its arms around the compliance beast
It'll be laid back yet informative...we'll no doubt leave you with some things to be thinking about and some tips for dealing with compliance once and for all.

Here's the link for more info and to register (no-charge to participate):

See you there!

The real numbers behind lost laptops

Here's a recent piece I wrote for my friends at regarding the lost laptop problem and what it's costing businesses:

The Billion Dollar Lost Laptop – What’s it costing your business?

I've seen some naysayers out there stating that there's no way a lost laptop could match up to Ponemon's figures. I say why find out!? Whatever the cost, the solutions for laptop security are simple once the choice is made to keep them in check.

Monday, February 28, 2011

Security talent ≠ security success

Here's one of those great quotes that applies directly to infosec:

“Talent is cheaper than table salt. What separates the talented individual from the successful one is a lot of hard work.” -Stephen King

There are plenty of people who understand security architecture, hacking and related technical issues but few who really get the essence of risk and have taken the necessary steps to make information security work in support of the business.