You can't secure what you don't acknowledge.℠

Thursday, July 21, 2011

Solid IT and infosec content to check out

I just got back in town from doing a video shoot on cloud security with my friends and colleagues at TechTarget in Boston (man, I love that city). Anyway, I feel compelled to share with you a few of TechTarget's websites that I write for. I know they have lots of others with all sorts of information security, compliance and IT content. Here you go:

...all of their sites are listed here:

My point is: there's no reason to not keep them on your radar... tons o' good stuff.

Thomas Paine knew his infosec

Here's a great infosec quote from statesman Thomas Paine:

"Our greatest enemies, the ones we must fight most often, are within."

This applies to both malicious insiders and ourselves, as each of us certainly tends to get in our own way when it comes to making things happen with security.

Monday, July 18, 2011

If only "they" could understand us

You know how most people don't really understand the professions of others with whom they mingle or interact? You know, retail clerks typically don't understand IT, doctors don't understand accountants, used car salesmen don't get landscaping and so on. Information security is arguably one of the cloudiest and least understood professions for those who aren't exposed to it on a daily basis.

After reviewing the headlines of my emails today, I had a deep thought about this. Imagine if our colleagues, friends and family members kept abreast of the information security happenings from sources like Dark Reading, Slashdot, FierceCIO, NewsFactor and so on and saw headlines such as:
  • "Pentagon Discloses Largest-Ever Cybertheft"
  • "Sydney has 10,000 Unsecured Wi-Fi Points"
  • "99 Percent Of Android Devices Are Vulnerable To Password Theft"
  • "Lady Gaga Website The Latest in String of Celebrity Hacks"
...and so on. Even if it were for just a week, I think they'd start to see what we're all up against. Maybe people - and society - would start to get information security.

I suppose this all goes back to awareness and buy-in. Two things information security just doesn't have enough of these days.