You can't secure what you don't acknowledge.SM

Saturday, June 18, 2011

When's political correctness going to impact infosec?

Witnessing the Thought Police's handling of the Tracy Morgan debacle, I can't help but wonder if political correctness is not the beginning of dictatorships, Communism, etc., where the population is not allowed to speak up or out against anything.

Don't get me wrong. Being a libertarian, I'm pro-choice on everything...To each his own. As long as you're not affecting the life, liberty or property of someone else, then say what you need to say and do what you need to do. Sure, I know we need to be sensitive in certain situations. The problem is that political correctness leads to the legislation of our thoughts and feelings...Tell me, just how different is that from dictatorships and Communism in parts of the world where, ironically, people cry out for "human rights" because of the oppression brought on by, well, ourselves?

It'll be interesting to see how political correctness invades the very fiber of information security and privacy in businesses down the road. Will we eventually reach a point in the not so distant future where it'll be politically incorrect (esp. here in the U.S.) to tell people what websites they can or cannot use or what applications they can load on their endpoint devices connected to the business network? Will it be demeaning to others when we suggest strong passwords or we point out how security oversights brought on by people making poor choices are bringing the business down?

I'm just saying...People are complex and these are things that are impacting us personally now and likely in our work down the road. How are you going to handle it?

Friday, June 17, 2011

Proud to be a speaker on the TechTarget roadshow

I just completed two seminars this past week for TechTarget and CDW...One was in Minneapolis, which, by the way, was probably the friendliest city I've EVER visited. Great bunch of folks...thanks for the great Midwestern turnout and hospitality!

Our second stop was San of my most favorite cities to visit. I also had the opportunity to visit the nice folks at one of my publishers: (publisher of my latest book that I'll be posting about soon) and one of the websites where I serve as an IT security expert: Just meeting these people for the first time made the trip worthwhile.

If you're not familiar with it, you should check out these security seminars we're doing...lots of good discussions around what it takes to really get your arms around the security beast. We may be coming to a town near you between now and year's end. Here's the website:

Predictive Security: Plan Ahead to Stay Ahead of the Next Threat

Hacking tools & malware creation illegal - what's next?

With all the criminal behavior taking place on computers around the world, it appears that politicians are seeking some solutions. For instance, European Union Justice Ministers are proposing a ban on hacking tools. I suspect this law will work just as well as gun laws in the U.S. Simply criminalize the inanimate object (or code) and only the law-abiding citizens will comply. It creates the perfect storm for criminals to be able to continue doing what they do.

Furthermore, an unintended consequence of such tools being banned and kept from legitimate use, like the independent security assessment work that I and many of my colleagues do, is that businesses in general suffer.

The burning question is: who decides what hacking tools really are? Are they password crackers? Vulnerability scanners? Perhaps Web browsers in general? I suspect they'll have a panel of ignorant bureaucrats making the call like what our "leaders" here in the U.S. (Obama, Pelosi, etc.) envision with their ObamaCare death panels. Government knows best.

On a related note, just today the Japanese parliament enacted legislation that criminalizes the creation of malware. Is this any different? It can certainly be argued that malware serves no purpose other than to do harm. Of course, many people around the world believe the same thing about guns owned and used for the sole purpose of self-defense.

It's a complicated world we live in...what to do now?

Monday, June 13, 2011

IT careers, compliance & the Internet "Freedom" Act

Here are some recent pieces I wrote on IT and security careers and compliance that you may be interested in...content that likely applies to your very situation:

Career networking dos and don’ts

But Compliance is Someone Else’s Job!

Cybersecurity and Internet Freedom Act – New name, same game


As always, be sure to check out for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more.

New WebsiteDefender from @Acunetix worth a look-see

The folks at Acunetix have a neat new product/service called WebsiteDefender. I've yet to try it myself but it looks promising - fills a nice niche.

WebsiteDefender is an agent-based tool for websites and WordPress-based blogs that:
  • Scans your site for security flaws
  • Detects malware running on your site
  • Alerts you to suspicious website activity, including file changes

The obvious benefit is a more secure online presence, but, as Acunetix is marketing WebsiteDefender, it can also keep you from getting blacklisted by Google and presumably from being listed as questionable by services like Web of Trust.

Certainly worth checking out. More info to come once I take it for a spin...