You can't secure what you don't acknowledge.SM

Friday, August 26, 2011

My new book: Implementation Strategies for Fulfilling and Maintaining IT Compliance

Check out my latest book published by

Implementation Strategies for Fulfilling and Maintaining IT Compliance
In Implementation Strategies for Fulfilling and Maintaining IT Compliance I share strategic and tactical methods for getting your arms around the compliance beast. You can download all the chapters (below) for free by signing up on Realtime's site. They've got a ton of other good content too.

Here's the low down:
Businesses are struggling more and more with the compliance requirements being pushed on them from every angle. The reality is that such regulations aren't going away. However, there's a silver lining: IT compliance doesn't have to be that difficult, and once you've mastered compliance it can serve as a business enabler and competitive differentiator.

In Implementation Strategies for Fulfilling and Maintaining IT Compliance, a practical guide on real-world issues related to IT compliance, the reader will find reasonable solutions for the professionals responsible for making things happen.

It's great for anyone faced with implementing the standards mandated by regulations such as HIPAA, the HITECH Act, GLBA, SOX, and PCI DSS. CIOs, compliance officers, IT directors and network administrators can all benefit from the anecdotal stories, down-to-earth strategies and sage advice for creating, gaining and maintaining control of IT compliance so that it can enable rather than hinder the business moving forward.

Chapter 1: Understanding the Real-World Issues Associated with IT Compliance
Chapter 2: The Costs of Compliance and Why It Doesn't Have to be So Expensive
Chapter 3: Simplifying and Automating to Reduce Information Systems Complexity
Chapter 4: Establishing a System of Network Visibility and Ongoing Maintenance


Thursday, August 25, 2011

Join me live today at Dark Reading's webinar #iwkdrbreaches

I'm speaking at the Information Week/Dark Reading Virtual Trade Show "How Security Breaches Happen and What Your Organization Can Do About It."

My session is titled "How to Win the War Against Cybercrime" and starts at 2:30pm ET. Here are a few words about it:
What are you doing to avoid becoming the next Wikileaks, Google, or Sony? Despite the fact that businesses will spend over 50 billion dollars worldwide on IT security projects this year, it is a virtual certainty that your organization will experience a security breach at some point.

While the complexity of cyber threats may be increasing, the good news is that the answer to combating these threats need not be complex. By implementing solutions that integrate your identity, access, and security environments, you can protect your organization's network, systems, and critical information from insiders and criminal hackers.

In this presentation, noted information security expert Kevin Beaver will discuss current and evolving cyber security threats and some common oversights he sees in his work, and recommend solutions that deliver the information you need to reduce the risk of security breaches across your enterprise.

Thanks to the nice folks at NetIQ for making it happen.

Hope to "see" you there!

Wednesday, August 24, 2011

What direction are you heading with data protection?

Here's a new guest blog post I wrote for the folks at Credant:

Heading in the Wrong Direction with Data Protection?

You may see this differently but I think we're heading down the wrong path in this area - especially on phones and other mobile devices. I suspect we'll end up in a situation like we have recently in the U.S. where the very people putting the "stimulus" bill and Obamacare in place are suddenly clamoring to get our national debt under control. Come 2013 or so, it'll be, "Remember those vendors and bloggers spouting off about how important mobile security was back in 2010/2011 when our network environment was much simpler?"

The inability to think long-term is so, so dangerous, folks. Don't be like our politicians who can't see past the next election. Make the decision to get your arms around the mobile security beast now. Start today. Here's a link to some resources that can help.

Monday, August 22, 2011

Fine-tuning your Web application security

I think I could write about Web application security every hour of every day...there's just so much involved with building secure apps, proper security testing, getting (and keeping) management on board and so on...But I wouldn't want to torture you in that way. Anyway, here are a few bits you may be interested in:

Properly scoping your Web security assessments

The cure for many Web application security ills

How much Web security is enough?


As always, be sure to check out for links to my additional Web security whitepapers, podcasts, webcasts, books and more.

Sunday, August 21, 2011

Getting ahead in your career + keeping IT staff on board

Here are some new bits I've written about IT and information security careers. First, what you can do to stand out above the noise and move your career ahead:
How IT pros can boost their worth -- and their salaries

...and second, what management can do to keep IT and security professionals interested in their jobs and on board with the business:
How to retain your IT talent

8 best practices for retaining IT talent


As always, be sure to check out for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more.