* You are viewing Posts Tagged ‘Five Things’

2012 Enterprise Information Security Resolutions

I can’t believe it’s already been a year since I wrote my last Resolutions post. Overall, I believe those resolutions hold up pretty well. I’ve taken a few minutes to think back over 2011 and see how I did at achieving my resolutions… I am reminded that this ride isn’t a simple pass/fail endeavor. With that in mind, here are my 2012 Enterprise Information Security Resolutions.

  1. Successful information security is about making progress. It’s not reasonable or sustainable to expect all risks to be remediated as soon as they are discovered. Instead, my … Continue Reading

Five Things: RSA Conference 2011

Thanks to InfoSec Island I had the opportunity to attend the 2011 RSA Conference in San Francisco, free of charge. It was a unique experience, well worth my time and energy to attend. This week’s blog is Five Things I learned at RSA Conference 2011.

  1. The information security community is huge and diverse. I’ve seen numbers indicating there were anywhere from 11,000 to 20,000 people at the conference. And those attending make up just a small fraction of the information security practitioners around the world. I met attendees from South America, Africa, Australia, … Continue Reading

2011 Information Security Resolutions

Think it’s too late for a New Year’s post? You must not have heard that January 12th is the new January 1st.

I’ve never been one for making New Year’s Resolutions. However, a quick search of the web finds that a lot of folks are. An awful lot of people are looking to lose weight, quit smoking, or get a new job this year. This got me to thinking; what are my InfoSec resolutions for 2011? It sounds like the perfect topic for a Five Things article.

  1. Don’t be satisfied with doing things ‘the way we’ve always done them.’ … Continue Reading

Five Things: Thanksgiving Edition

Five information security trends for which I’m thankful this year.

  1. Organizations that have realized the importance of security. Twenty years ago the only people who cared about information security were the government and… well, that’s about it. These days security has become pervasive through just about all industries. Companies have learned that data worth protecting needs to be protected. I remember that in college my social security number was used as my identifier for everything; schedule, report cards, student ID. A friend of mine went to a college which actually used his SSN as his email address (think: … Continue Reading

5 Things: Protect your webmail account

The other morning when I started going through my email I saw one from my wife with the subject, “Respond ASAP.” So of course, first thing I did was open the email and see what my wife needed from me:

Greetings,
I am really sorry to disturb you but you have to help me if you can,I had to rush off to Cyprus for something very important but unfortunately for me I was robbed in the cab I boarded and the robbers made away with my hand luggage were i had my air ticket,cash and … Continue Reading

Five Things: Proofpoint’s 2010 Outbound Data Survey

Five Thoughts about Proofpoint’s 2010 Outbound Data Survey

Proofpoint’s 2010 survey once again provides great insights into the trends and initiatives that are top-of-mind for enterprise InfoSec decision makers. This write-up is not intended to be a thorough discussion of all the data included. Instead I have included some of the details that jumped out at me from this year’s report. You can view the entire report here: http://www.proofpoint.com/id/outbound0810/index.php

  1. The report begins with a question about what level of concern organizations have with various types of data breaches. The results pretty uniformly point to the simple fact: … Continue Reading

Five Things: I’ve Learned about Enterprise InfoSec

Below are the top lessons I’ve learned while providing information security to enterprises. The focus here is on people and process. None of them are technical in nature. Technology is the easy part; almost anyone can get that part right. Below are lessons I believe differentiate an average information security department from an excellent one.

  1. Remember, you exist to serve the organization, not to hold it hostage. I have run into many corporations where information security is the bully down the hall who others simply want to avoid. Customer service is not just for customer service … Continue Reading