Posts tagged: security awareness

Don’t Be a Billy

I’m getting a kick out of some fun videos put together by the fine folks at StaySafeOnline.org.  Check them out and enjoy this awareness video:  “Don’t be a Billy”

Wednesday August 4th, 2010 in , , | No Comments »

Security Professional Pipeline

The demand for a trained and educated information security workforce here in the U.S. continues to grow.   Creating a pipeline of information security professionals has to start early.   A national campaign to develop the next generation of “Cyber Defenders” has been happening without the fanfare or kudos that it needs. The Collegiate Cyber Defense Competition [...]

Friday June 25th, 2010 in , , , | No Comments »

Tip Tuesday – Business and Pleasure

Tip Tuesday! Most small business owners understand that they need a business checking account in order to keep their personal and business finances separate.  That just makes good sense.  What some, especially home-based business owners, fail to do is separate their business and personal computing, especially userID and passwords.  Maintaining that dividing line between your [...]

Tuesday March 16th, 2010 in , , | No Comments »

A Shame for InfoSec Transparency

The CISO of Pennsylvania was apparently fired after discussing a breach while serving on a panel at the recent RSA conference.  The removal appeared in several articles including this SCMagazine report.   The information provided by Bob Maley was a clear description of a threat that some states may face, an appropriate discussion for this panel.  [...]

Saturday March 13th, 2010 in , , , | No Comments »

“Jargon” follow-up: InfoSec and the MBA

Nomenclature is simply a way to name things that are used in communication.  Every profession has their own taxonomy that allows them to understand and identify “things” that are specific to their area of expertise.  This has a downside.  Those outside of “the club” have difficulty understanding the terms and principles that come naturally to [...]

Wednesday February 24th, 2010 in , , , | 2 Comments »

InfoSec targeted for use of “jargon” – Blah!

Why is it that terms used in the information security profession is referred to as “gobbledegook” while in other professions it’s known as nomenclature.  Every profession has its own jargon so for “experts” to label this as something unique to information security is rather unfair. “One problem is that computer “geeks” use jargon to cloak [...]

Wednesday February 24th, 2010 in , , , | No Comments »

Don’t Let FUD Trump Value

The Google “Aurora” incident illustrates an ongoing problem with the “media motivated” approach many organization take in regards to information security.  A major event happens and there is a short-lived window of opportunity to ride the “it can happen to us” wave to secure some funding for the latest toy or gadget.  Unfortunately, some executives [...]

Friday January 22nd, 2010 in , , , , , | No Comments »

Lawsuit, breaches and bashing… oh my!

Though it seems obvious that corporations have an obligation to protect the sensitive information they use for business it still amazes me that corporate behavior in this regard is still quite dismissive.  Lawsuits and public embarrassment seem to be the only catalyst for action for many organizations.  That is kind of sad.  Not only is [...]

Tuesday January 19th, 2010 in , , , , , , , | No Comments »

2010 Information Security Predictions

I may as well get on the 2010 prediction bandwagon. 1.  With the rush to get into the “cloud” businesses will sacrifice security for the promise of efficiencies.  Attacks will be focused on the applications placed in the cloud, not necessarily the underlying OS infrastructure.  I predict there will be a large compromise of information [...]

Sunday January 3rd, 2010 in , , , , , | 2 Comments »

The Cloud Does Not Absolve Responsibility

Cloud computing certainly offers cost management opportunities for organizations straining to maintain server infrastructure but there is more to consider than just server management.  Security in the cloud simply has not had an opportunity to mature.  Protecting servers, which no doubt cloud providers can do pretty effectively, is different than protecting information.   Those organizations that [...]

Tuesday November 17th, 2009 in , , , , , , | 1 Comment »