Thursday, September 29, 2011
Just when you thought it was safe to go to the mall
A new ISACA white paper warns of the risks of bad guys combining GPS data and PII to target victims.
Wednesday, September 28, 2011
Ripped from the headlines. Oh, the drama
Cybersecurity goes unchecked at most small businesses. Really? Only small businesses?
Integrated security reduces health IT data breaches. Single source vs best of breed?
When freedom's not free at the State Department. Big Brother is watching, and he's not your friend.
Monday, September 26, 2011
Informal survey
Which of the following represents a greater threat to your organization?
a. Rootkits
b. Insiders
c. Mobile devices
Friday, September 23, 2011
Dog bites man
Another new survey, another yawn. The latest poll reveals that email is the main source of data leaks in organizations. This is largely due to policy violations. Policies are good, but they don't trump human nature. I suspect even the best awareness training isn't sufficient to slay this beast. One benefit of these surveys is that they get companies in the news.
Wednesday, September 21, 2011
Security Takes a Vacation
Well, I just returned from vacation at a fairly remote part of Cape Cod. So remote, in fact, that Internet access, and frequently cell access, was a faint dream. Still, because I had a compelling urge to check email, especially work-related, I’d head out to one of the distant coffee shops that offered FREE WIFI. I figured it was worth the price of an over-priced, acidic cup of joe to find out what was happening at work, put out any fires that ignited while I was gone, and practice a little CYA, too.
As luck had it, I couldn’t connect to any of the hotspots; or to be more precise, I connected, but couldn’t get Internet access. Fortunately, or not, there were several unprotected wireless nets around. Because this is a vacation area I made a knowingly false assumption that the local town or Chamber of Commerce provided the access. Thus deluded, I blithely accessed all my email accounts over the Web.
So, what was the risk? Was someone really going to hijack my sessions? Probably low, and probably not. But still, the thought lingered as I guiltily checked mail and did a little surfing. And will I do it again? Probably yes. I’m not sure that the advertised hotspots are any more secure than the unprotected ones the PC discovers; just as I’m not sure that labeling a wireless net as “public” means much. Nothing like living fast and loose, huh?
Monday, September 19, 2011
Another day, another hack
So, another big name site's been hacked, and names and PII allegedly taken. This time it's the Intelligence and National Security Alliance (INSA). This is news, but it's becoming old news.
Wednesday, September 14, 2011
SIEM Is Dead
So, a new survey reveals that 65% of security professionals say SIEM is dead. Evidently, relying on log file analysis isn't sufficient to keep on top of who's doing what. I'm sure it has nothing to do with the time, effort, and cost of setup and management. Still, if anyone's interested in writing a book on SIEM, let me know.
Thursday, September 1, 2011
So, how insightful is this?
CSO magazine has a little piece on a minor hacker who opines that "good liars undermine information security." Okay, so don't liars undermine just about everything?