Category Archives: Information Security

On February 23, 2017, Google announced they had successfully exploited a known vulnerability in the widely-used SHA-1 hash algorithm. This is important because hash algorithms are used to create digital signatures.

Posted in Announcement, Information Security, Security Breach

Before you can advise management how much time and money you should spend on securing information assets, you should know what information assets you need to protect and how much they are worth to your company. If your organization doesn’t …

Posted in Info Security Mgmt, Information Security, Security Breach

The other day I was thinking about how I miss David Letterman’s “Stupid Human” and “Stupid Pet Tricks” segments. Then I got to thinking about some of the bad security habits I continue to run into at IT shops. It …

Posted in Information Security, Password Management, User Authority

It’s that time of year again. Budgeting for next year means that you need to figure out how much you’re going to spend on security projects and products. Of course, in order to determine how much money you need to …

Posted in Info Security Mgmt, Information Security, Security Breach

Not many people realize that IBM i lets you define your own ad-hoc or application-defined special authorities. That’s not real surprising considering that neither the name of the mechanism nor the documentation says anything about special authorities.

Posted in IBM i Security, Info Security Mgmt, Information Security

It may surprise a few people, but I’m just not worried about my credit card being stolen. In fact, I refuse to worry about it. That may sound like heresy for someone who is supposed to know a little bit …

Posted in Botz Blog, Cloud Security, Info Security Mgmt, Information Security, Mobile Security, Security Breach

You are a long-time IBM i (AS/400, iSeries, IBM System i, etc.) programmer and you understand the details of how the system checks authority, don’t you? I bet you don’t! It’s the authority of the JOB that really matters. Why …

Posted in IBM i Security, Info Security Mgmt, Information Security | 1 Comment

In a previous post on this topic, I discussed how to calculate the cost of a security-related project and how to compare different solutions for a given security-related project or issue. I asserted that there are three different aspects that …

Posted in IBM i Security, Info Security Mgmt, Information Security, Single Sign-On (SSO) | 1 Comment

It’s a simple fact. Good security doesn’t just happen. You need to have a very specific set of knowledge to effectively secure your information assets. The knowledge you need falls into five discrete categories: policies, data, people, systems, and events.

Posted in Compliance, IBM i Security, Info Security Mgmt, Information Security

CAUTION: RANT ALERT. On Wednesday, November 19, Admiral Michael Walters, the head of the NSA, made a very disturbing announcement. He said that China and one or two other countries have the capability to launch a cyber attack that could …

Posted in Compliance, IBM i Security, Info Security Mgmt, Information Security