More Advice When Using Public WiFi

Scott Carmichael from the great travel blog Gadling published a post yesterday with tips on keeping your data safe when connecting to public wireless hotspots.  There are some really good tips for everyone here, but I wanted to add to a few of the options. One of the recommendations is to get a 3G or 4G data card.  In working for a Telco for a few weeks, I did learn a thing or two about these networks and how employees' laptops can be locked down almost to the point of being unusable.  This is definitely a fantastic recommendation but has two key drawbacks—cost and usability. While data cards can be obtained reasonably cheaply, and depending on how you connect to the internet ...

Sample Book Chapter Posted!

Anyone know I didn’t write a book with Anton Chuvakin last year?  If not, I’ll tell you ALL about it. OK, seriously, I know I’ve talked a lot about it here.  If you have not bought it and are still skeptical, go check out the sample chapter we have posted on CSO Online.  This chapter, entitled “The Art of the Compensating Control,” is an expansion of the article of the same name.  There are some case studies at the end, and more details on compensating controls.  If you are like most people dealing with PCI, you probably have lived the compensating control euphoria turned nightmare turned compromise. If you still have not bought one and want a chance to win ...

Securing Your Social Networking Brand

This post originally appeared on Jennifer Leggio’s Social Business blog at ZDNet (now with more links!). Social networking sites as innocent as LinkedIn and as provocative as Twitter (have you seen my stream?) have now become a personal branding vehicle for many professionals. Some of us have had the unfortunate experience of losing a job we barely had thanks to social networking. Others have seen it as the boost to their career they have been wanting for years. Let’s talk about security in the context of the latter. When I moved my blog to a setup I administered, I made two commitments to myself. The first is that I would make frequent backups because there has yet to be a ...

Herding Cats March: The Business of Security

Have you checked out ISSA Connect yet?  The next issue is up there with my column, The Business of Security.  In it, I discuss the business side of security and the transition that has to happen for security leaders to be more effective and valuable to their corporations. If you are a member, log into ISSA Connect and join the discussion!  Interact with great professionals globally as well as the authors that you enjoy reading every month.  If you are not a member, go sign up!

The Social Security Office, an Identity Thief's Heaven!

My wife is not into technology.  Or security.  Or UNIX.  Basically she looks at her Macbook as a way to check email, buy shoes, organize photos and videos, and make checklists for the babysitter.  So when she takes an interest in what I do, I REALLY perk up. She is very attentive to the things I do with our mail and sensitive information, only because she hears me talking about it all the time.  She knows not to give out passwords or personally identifying information.  She shreds expired cards and junk mail. She's definitely more in tune with security than the average citizen. We recently noticed a reporting error from the Social Security Administration and the only way to clear ...

February 2010 Roundup

What was popular in February? Healthcare seems to be a popular topic and I’ll be posting more on it as the new security requirements mature. Here are the five most popular posts from last month: Personal Liability for QSAs. I had a colleague ask me if he should take out personal liability insurance in case something bad happened on one of his assessments after he left his company.  Check out what I found out from Dave Navetta! Healthcare Security, the New Front. Boy, what a mess I caused.  After watching my doctor type in a four digit numeric password to access all of my medical records, I sent a letter over complaining about the lack of security and poor standard ...

Healthcare Letter Follow Up

Frequent readers may remember that I sent a letter to a healthcare provider (who is anonymously referred to as Dr. Leo Spaceman) because he used a four digit, numeric PIN to access all of my medical records (assuming that he would also be using that same one for ANY patient).  Well, Dr. Spaceman responded. OK, I’m sure his admin responded, not personally him. But the response is a classic example of someone who has been asked a question like this before and had a pre-canned answer prepped.  I don’t think I’m the only person to observe Dr. Spaceman doing this. Dear Resident ((No, he didn’t say resident, but I think it would be funny and fitting if he did)): I ...

Book Signing Today!

If you are out at the RSA Conference, please stop by the RSA Bookstore today at 1 p.m. for a book signing!  Anton Chuvakin will be there, in the flesh!  We follow Bruce Schneier.

Compliance, Easier than Security!

My undergrad is in Marketing.  I sometimes call myself a marketing guy, but only right before I rip on one that hypothetically might do something causing a technical guy to lose his weekend.  One of my favorite marketing guys is Seth Godin, and every once in a while he posts something that works not only in the Marketing world, but in our world. On Friday, his post “It’s easier to teach compliance than initiative” reminds me of how our business works.  Isn’t it WAY easier to talk about some kind of security-related compliance versus actually talking about security?  Think about your past interactions with information security.  Did you have a chance to create a 3-5 year plan detailing how you ...

EMC/RSA Expand Security Consulting Services

If you call yourself a “security guy,” this week represents one of the pivotal industry-related weeks every year.  I’m speaking, of course, of the RSA Conference.  The conference turns 19 this year, and there is quite a buzz going on!  I’ve not even arrived and I’m hearing about the excitement. What I wanted to tell you about today is our release on the expanded Security Consulting services that we announced earlier this morning.  The full release is here.  You can follow all the news coverage here, and there seems to be quite a bit!   If you are out in San Francisco, be sure to stop by the RSA booth around lunchtime tomorrow, and we can discuss this in detail! ...