You can't secure what you don't acknowledge.SM

Thursday, August 16, 2012

You can't buy security for $1, but some people will fall for it

I recently deposited a check at a giant monster mega bank that's continually trying to sell me new services and the teller asked: "Would you like to buy identity theft protection for just $1 today?"

Wow, you're saying my personal information will be safe and secure for a mere $1...!? Amazing...but no thanks. Sadly, many in management are like the average consumer: they just don't realize what it takes to ensure information security. No, it's not just about anti-virus, or firewalls, or that little lock thingy in our Web browsers. Nor is it about some set of unenforceable policies sitting on a shelf that no one knows about. Nor is it those silly marketing slicks telling us our privacy "rights".

It's not that simple.

Don't you just know that, right now, this very bank has laptops, tablets, smartphones and the like chock full of sensitive information waiting to be exploited when a loss or theft occurs. The general public doesn't get security...that's why these banks are successful in selling services that people don't need. I'm not sure that's good for our field.

Sadly, consumer ignorance and the unwillingness to question how personal information is handled will be overlooked while, at the same time, many of these very consumers will blame the big evil corporations for trying to make a profit. Who's the real dummy here?

Side note: identity theft protection is not a bad thing to have...Based on what I see in my information security assessment work, I wouldn't dare be without it! Just don't pay for it...Not even $1. Here's some info on how you can get it for free.

Tuesday, August 14, 2012

Aiming for the CISSP? Check out this book.

I recently completed the technical edits for the new book CISSP For Dummies, 4th edition. It's a great book (not because of my contribution!) that I wish I would've had when I was studying for my CISSP test back in 2001. If you're prepping for the CISSP exam or just want to brush up on the fundamental concepts of information security, this book is a must-have. Just keep in mind what I've always said, certifications are only part of the information security career equation.

Interesting side note: Years ago, around the time I first wrote Hacking For Dummies, Wiley approached me to write CISSP For Dummies. I had too much going on at the time so I declined the offer. Now that I see what this book has evolved into, I'm glad I didn't agree to write it! I believe Peter Gregory and Larry Miller did it more justice than I ever could have. Check it out.