Monthly Archives: April 2012

Mystery Shopper Scams Getting Aggressive

Mystery shopper scams are nothing new, but I now have the experience of being personally targeted by one. From my research, most of these scams are carried out in a “pull method,” whereby ads are placed in classified sections asking for applicants for a part-time job. I was targeted by someone using the “push method,” whereby a live (fraudulent) check was mailed to me in a haphazardly stuffed envelope with an official-looking letter and survey form. Redacted versions of those documents are linked above. One of the first lessons I learned in high school economics was TINSTAAFL. And while I’m pretty far removed from high school at this point, that one came roaring back when I was mailed ...

Big Data vs Social Engineering

Some of the discussions we are having over here are brain-wrinklers! I was speaking with some colleagues yesterday about the security implications of big data. Typically I would group them into two separate areas:

- Using big data as an enabler for predictive security analytics (i.e., deriving security information powered by analytics across big data)
- Securing the output of big data analytics on the business side (and possibly in infosec too)

After talking about some of the uses of Greenplum Chorus, it occurred to me that there was a third area that needs to be addressed: the security problem of using independent but diverse big data sets to arrive at the same conclusion (especially when that conclusion could be part of ...

Sir, Put Down the Loaded Weapon

Sensitive information is sometimes like a loaded weapon someone might randomly stumble upon in a park. For those that have some kind of training with weapons, you can probably think of a dozen things you would and wouldn’t do if you were in this situation. But what if you had never seen this kind of weapon before? Would it become a paperweight on your desk? Maybe a doorstop? Or in an extreme case, earrings? Maybe you see peers treating these weapons the same way and all of a sudden it becomes acceptable. Until one goes off. Then everyone flips their lid and it’s utter chaos. Questions like, “How did this happen?” and “Why isn’t the government protecting us?” start to pop ...

What’s Your Maturity?

No, I’m not asking how old you are or if you still laugh at fart jokes, but how mature is your security program? Traditional security isn’t working anymore, and its relevancy erodes as the business moves ahead without it. If you’ve heard me speak about information security maturity lately, you may have heard me compare our industry and function to Maslow’s Hierarchy of Needs. For those of you that may need a refresher, here are the basics (minus a few to stop some search engine hits). In order for a human to realize his full potential, he must have specific needs met. Those are:

- Physiological: food, water, sleep, movement toward stability
- Safety: security of body, employment, resources, morality, family, health, ...

Herding Cats: A Curmudgeon’s Party Line (April 2012)

Have you checked out ISSA Connect yet? The next issue is up there with my column, A Curmudgeon’s Party Line. This month’s topic is quite timely as there have been several new attacks published related to SCADA and industrial systems. This article explores some of the reasons why we might see the marriage of IP-based systems with industrial systems causing issues today and in the future. If you are a member, log into ISSA Connect and join the discussion! Interact with great professionals globally as well as the authors that you enjoy reading every month. If you are not a member, sign up today!

There Are No BYOD Absolutes (You’re Doing It Wrong)

Check out this post by VPN Haus that tackles the cost-savings aspect of BYOD. They argue that BYOD can be expensive and isn’t always a cost-savings initiative. There are a few issues with this article that I’d like to address, starting with the cost issue. BYOD isn’t just about saving money; it’s also about making employees happy. I have not met a knowledge worker that looks forward to getting their new clunky Dell or Lenovo laptop, especially if they travel. Having the ability to empower the worker to bring their own device allows for cost savings in a number of areas, including forcing them to handle their own basic break/fix support. In my case, I don’t call IT ...

March 2012 Roundup

What was popular in March? Breaches and advanced security and March Madness, OH MY! St. Paddy’s and spring break dominated most of the Twitter discussions this month, although at the end we sure had a topic to discuss. More on that later. Here are the five most popular posts from last month:

- RSA Conference 2012, Are You Ready? I hope you made it out to RSA Conference this year. The buzz and excitement around the event of 20,000+ attendees was electric!
- Top Five PCI DSS Mistakes that Lead to a Breach. I wrote this blog post after speaking to several insiders about the challenges small companies face when it comes to complying with PCI DSS. Many of them look at ...
