Archive for June, 2007

Another Study Supports The Need for Awareness and Executive Support

Monday, June 18th, 2007

I’m always interested to read survey results related to information assurance. Of course the readers need to take the interpretations and summaries with a grain of salt; very few surveys are statistically representative of all organizations.


Another Fun Security Awareness Site

Friday, June 15th, 2007

Here’s another great security awareness site pointed out by Dave Ockwell-Jenner in the Security Catalyst community:
the Security Cartoon site.

You Can Never Really Tell Who Gets Your Wireless Transmissions

Friday, June 15th, 2007

It was interesting to read about an elementary school science teacher in a Chicago suburb whose baby monitor picks up the video transmission from inside the space shuttle Atlantis.


I Don’t Want Spam, Even If it Is “Certified” To be From a Legitimate Business

Thursday, June 14th, 2007

There are some vendors offering “certifications” to businesses to help get their marketing email past spam filters as well as to help prevent successful phishing exploits.


OMB Sets Security Configuration Contracts Language for Acquisitions

Wednesday, June 13th, 2007

On June 1 the U.S. Office of Management and Budget (OMB) released recommended language for all federal government chief information officers for required common security configurations for Windows computer operating systems that should be included in acquisitions solicitations to information technology providers.


Greetings from Arizona!

Tuesday, June 12th, 2007

Is it Tuesday already? I’ve lost track of the days…I’ve been here at the CSI NetSec conference since Friday, giving Chris Grillo’s and my “Handling Complex and Difficult Information Security and Privacy Issues” pre-conference seminar on Saturday and Sunday.
We had 16 outstanding participants from a wide range of industries, including government, technology, and retail, just to name a few. I love having this variety; it leads to very good discussions and increased understanding of what information assurance practitioners are dealing with. Thanks again to those of you who attended; your interaction was fantastic!


Avoid Some Common Email Pitfalls

Friday, June 8th, 2007

There are increasing reports of email misuse, malicious use, mistaken use, and just plain bad implementations of email systems that allow the many outside threats and desperado insiders to exploit vulnerabilities.
It is most common for information assurance pros to be fairly diligent in trying to keep malware out of the enterprise network through scanning and filtering emails, and it is good to see that it is also becoming a growing trend to try and prevent sensitive data from leaving the enterprise, “leaking” is the current buzzword of choice, by using scanning and encryption. However, there are many other email mishaps and business damage that can occur through the use, or misuse, of email that can have negative business impact and legal implications.


Could I Have a Side of Fries With That Security Please?

Thursday, June 7th, 2007

There’s a pretty good McDonald’s commercial that started running recently. It shows two guys looking down at the office area on the floor below saying something like, “Janet’s so lame. She only buys McDonald’s for everyone so they’ll do her work for her.” Then the other guy says something like, “Yeah, it’s disgusting.” Then they both take a bite of a McDonald’s sausage McBiscuit, and then one says something like, “Well, we’d better get busy doing Janet’s invoices.”


Another Information Security Awareness Method

Wednesday, June 6th, 2007

Organizations need to provide ongoing information security and privacy awareness communications and activities. Messages need to be made in a variety of ways to accomodate the variety of learners and how people actually soak into their brains and memories the information you want them to understand and retain.


“Getting Tough” With Information Security Is Really Just Getting Smart

Tuesday, June 5th, 2007

Today I saw the headline, “Energy gets tough on laptop use” in Government Computer News and I was curious to see that the story was about how the U.S. Department of Energy (DOE) is going to start actually enforcing their security practices by accurately inventorying and tracking their mobile computing devices after having “lost” 1,415 laptops in the past 6 years. The DOE also indicates they are going to start enforcing their security policies and procedures.