Category Archives: Security

Security Tools: Groundhog Day Special Edition

Big Questions
Just like the famous Groundhog, Punxsutawney Phil, I get asked some of the same questions over and over. One that I hear every time I do an assessment is, “So, what kind of tools are you using?” I suppose it’s just natural to be curious what kind of instrument is about to be […]

Assets & Accountability

Absurdly Farcical
So imagine a corporate earnings report where the CFO says, “We have a ton of money. We’re not sure what kind, what’s protecting it, where it is or even how much of it we have but trust me, it’s a lot.” His exit interview would take less time than the corporate Tweet of […]

Survey Says

Thanks, but no thanks!
I can hear the voice of Richard Dawson saying, “One hundred hackers surveyed. Top five answers are on the board. Name an effective social engineering technique.” What can a survey say about the inner workings of your organization? Plenty! Surveys show up as phone solicitations, online forms and even strangers on the […]

Passwords

The First Line of Defense
Password authentication is a routine part of our everyday lives. We use passwords in our personal lives to open garage doors, log in at work, check email or grab cash from an ATM. According to the federally funded Computer Emergency Response Team / Coordination Center (CERT/CC): “80% of all network security […]

Messaging

Message in a Bottle
Email is popular. (And for my next understated observation…) and not very secure. Okay, so everybody knows how to send an email but not everybody knows that email messages are sent in “clear text.” This means that anything sent in an email can be viewed by anybody along the message’s route […]

Encryption

Into the Unknown
As I travel around doing security assessments, audits and visits, I am often asked to share or distribute some of the very sensitive information that I collect on my journeys. Recognizing that it is delicate (even dangerous) information that must be communicated, I inquire as to how the recipient would like to […]

Data Inventory

Blissfully oblivious.
Companies of all sizes become the victims of their own ignorance when they learn that they’ve breached data they didn’t even know they had. If it’s true that “you can’t fix what you don’t know is broke” then it should follow that “you can’t protect what you don’t know you have.” The first […]

Data Destruction

How Many Passes?
Frequently, I think of the little boy who consulted the owl to find out how many licks it takes to get to the Tootsie Roll center of the Tootsie Pop. The owl’s response: “Let’s find out. One… two-hoo-hoo… three. Three!” I think about that sage old owl each time the topic of […]

Cloud Computing

Metaphors of the Graphically Challenged
If you’ve ever seen a network diagram then you’ve probably noticed that somewhere in the picture is a little storm cloud labeled “Internet.” Typically, IT guys are not very artistic so drawing a cloud to represent the Internet is something that even the most graphically challenged geek can accomplish. Truth […]