Here’s an example of borderless, worldwide crime. Remember the TJ Maxx data breach? More details are coming out. A couple of details it brings to the top:
1. Location, location, location. Meaningless with digital crime. A worldwide reach is possible right to your backyard.
2. Wireless is a threat. Configure it properly. When done right it can work. Haphazardly…watch out.
Be smart people…from the Mom and Pop shops all the way up to the huge corporations. It doesn’t matter. Secure it.
When do politics come into play with regard to good security? And will politics be a contributor or detractor to information security?
These are two important questions I’ve encountered over my career. The answers can be rather nebulous and will differ from organization to organization. The short answer is yes…to a point.
People always seem to be afraid of Big Brother. They don’t like to be watched or have the feeling they are being watched. I don’t blame them. What is interesting to me is how some supervisors and managers want to rely on it when it might suit their needs.
It amazes me how many times I’ve had to turn down requests from these "leaders" attempting to use Big Brother as a management tool. I’ve heard the whole list of explanations:
The Black Hat Conference has been going on for years. For me, I’ve always said I would like to get there some day. Instead, I’ve always opted for making it to the RSA conference because the companies I’ve worked for were willing to send me to one or the other each year.
I used to believe the Black Hat conference was on the forbidden list for those of us certified with CISSP. Maybe this was true. I did a quick scan of the ethics policy on the www.isc2.org website.
One of the things I’ve learned over time is how people deal with change. Introducing an INFOSEC program needs to take this into account. It is also one of the most important lessons I learned…the hard way.
When I retired from the Navy and moved to the civilian sector, I admit I carried a large Navy attitude. I was a Chief when I left. A Navy chief is used to looking at problems and getting them solved ASAP.
I remember when USB flash drives came out. It was the coolest thing and so easy. But do these things really help us transport data or hurt us? I came across a couple of articles recently I thought I would pass along…of course with commentary.
First, this one about HP shipping USB sticks with malware. This was an interesting attack vector, which seems isolated to a particular type of HP server. The question is: were these USB drives infected inside HP, the manufacturer, or somewhere in between? What steps need to be considered to prevent this from happening again?
I discovered a new website today, run by ZDNET. It is called BNET. They have an interesting couple of articles there that caught my eye. I read them and realized these articles would be great for any business to read. I’ve been spouting off for quite a while about the importance of keeping quiet outside the workplace. This attitude stems from my time in the service. It was ingrained in me to never speak outside of the workspace about what it is we do in there.