Palin Email Hacker – Lessons for Business

I figured it would only be a matter of time before something would pop up dealing with information security and VP nominee Governor Palin. The news is all over the Internet by now.

If anything, this should be used as a wake-up call for any and all businesses. What is the call? Don’t permit web-based email to be used from within the company or from company resources. Even in Palin’s case, it shows some general dialog between Palin and others in the Alaskan government. Additionally, information and pictures of her family were posted on the Internet.


Disaster Recovery – Gustav and Katrina Teaches Us. Or does it?

Disaster recovery planning is something most people don’t enjoy doing. I know I don’t. For most of the DR planning I’ve done outside of the military I have found the process to be a waste of time. Why, you ask?

Because after the planning is over and the document changes are finalized, the business is ready to move on to something more important. They are operating in the now and believe DR is something we will never have to use…hopefully. Cross your fingers as it were. I mean, after all, the document is done and the check mark can be placed in the box for those needing to know if we have a DR plan.


“Security? It’s not in the scope of the project!”

It’s been a while longer than I like to admit since posting. I suspect I’ve been befallen like many others…staying up late at night to watch the Olympics. I’ve enjoyed them more this year for some reason than in years past. Maybe I have a greater appreciation for the amount of work it takes these athletes to prepare for competition. And it’s heartbreaking when they make a mistake and know it. They continue on even when they recognize their dream of medals is over.


Feds Arrest Hackers of TJX, Other Retailers in Huge Conspiracy Bust

Here’s an example of borderless, worldwide crime. Remember the TJ Maxx data breach? More details are coming out. A couple of details it brings to the top:

1. Location, location, location. Meaningless with digital crime. A worldwide reach is possible right to your backyard.

2. Wireless is a threat. Configure it properly. When done right it can work. Haphazardly…watch out.

Be smart people…from the Mom and Pop shops all the way up to the huge corporations. It doesn’t matter. Secure it.

Password Really is the Key to the City

I haven’t posted in a couple of weeks. But this little incident was enough to jump in the saddle real quick. I am working on a couple of other posts which will appear soon.

This incident ongoing in San Francisco is an excellent example for employing "checks and balances." There should never be a situation where one person holds the only set of keys to the data. Never. What should happen then?


Big Brother Can’t Lead People

People always seem to be afraid of Big Brother. They don’t like to be watched or have the feeling they are being watched. I don’t blame them. What is interesting to me is how some supervisors and managers want to rely on it when it might suit their needs.

It amazes me how many times I’ve had to turn down requests from these "leaders" attempting to use Big Brother as a management tool. I’ve heard the whole list of explanations:


Why go to Black Hat?

The Black Hat Conference has been going on for years. For me, I’ve always said I would like to get there some day. Instead, I’ve always opted for making it to the RSA conference because the companies I’ve worked for were willing to send me to one or the other each year.

I used to believe the Black Hat conference was on the forbidden list for those of us certified with CISSP. Maybe this was true. I did a quick scan of the ethics policy on the web.


Big Brother vs. Acceptable Balance

One of the things I’ve learned over time is how people deal with change. Introducing an INFOSEC program needs to take this into account. It is also one of the most important lessons I learned…the hard way.

When I retired from the Navy and moved to the civilian sector I admit I carried a large Navy attitude. I was a Chief when I left. A Navy chief is used to looking at problems and getting them solved ASAP.
