Author Archives: Patrick Botz

I and other security experts have been harping for years on the fact that managing information security is so much more than just choosing the value of a configuration parameter. Information security requires an ongoing business process. It must be …

Posted in Announcement, Compliance, Info Security Mgmt

Believe it or not, some commonly accepted password best practices are probably counterproductive for security in the real world.

Posted in Authentication, Password Management

We will soon officially announce a new set of services called TeamSecurity. What are these services, you may ask? They are a collection of three service levels whereby the Botz team partners with your IT team to varying degrees to …

Posted in Announcement, Info Security Mgmt, Security Breach

Or… Why Your Mid-Sized Business is Suddenly Facing BIG Security Risks

An interesting thing is happening in IT security.

Posted in Info Security Mgmt, Security Breach

If you want a good introduction to FIELDPROC encryption, Townsend Security just published an eBook that is a great tool for getting started. IBM i Encryption with FieldProc: Protecting Data at Rest provides useful information about FIELDPROC exit point architecture …

Posted in Encryption, Info Security Mgmt

The other day I was thinking about how I miss David Letterman’s “Stupid Human” and “Stupid Pet Tricks” segments. Then I got to thinking about some of the bad security habits I continue to run into at IT shops. It …

Posted in Information Security, Password Management, User Authority

A common web server setup with an uncommon SSO hiccup

Last week an SSO stat! customer called me needing some help. They had the Apache Web server on IBM i configured to use Kerberos authentication, and it had been working …

Posted in Authentication, IBM i Security, Single Sign-On (SSO)

In the latest version of her well-known IBM i security reference, IBM i Security Administration and Compliance, Carol Woodbury hits the ball out of the park. Not only does the book provide valuable technical information, it also introduces the reader …

Posted in Announcement, IBM i Security

OR… How to Recognize the Threat in the Seedling

You regularly read news of security breaches, right? So why are all these businesses – large and small – getting hacked, cracked, and/or extorted by ransomware?

Posted in IBM i Security, Info Security Mgmt, Security Breach

At the end of April, the Payment Card Industry (PCI) Security Standards Council released version 3.2 of the PCI Data Security Standard (DSS). A couple of changes are noteworthy, even though most were incremental or for clarification purposes.

Posted in Compliance, Two Factor Authentication