Tag Archives: security policy

You may have noticed that I often recommend that folks just get started doing a little something to address information security. Don’t let everything else you should be doing get in the way of taking steps to secure your system. … Continue reading

Posted in IBM i Security, Info Security Mgmt | Tagged , , , | Leave a comment

OR… How to Recognize the Threat in the Seedling You regularly read news of security breaches, right? So why are all these businesses – large and small – getting hacked, cracked, and/or extorted by ransomware?

Posted in IBM i Security, Info Security Mgmt, Security Breach | Tagged , , , | Leave a comment

Verizon’s “Data breach digest. Scenarios from the field.” document includes a description of a successful attack on a water utility running on an “AS/400” (a.k.a. IBM i.)  It describes how a suspected Syrian “hacktivist” group broke into an IBM i … Continue reading

Posted in IBM i Security, Info Security Mgmt | Tagged , , , , | Leave a comment

Not many people realize that IBM i lets you define your own ad-hoc or application-defined special authorities. That’s not real surprising considering that neither the name of the mechanism nor the documentation says anything about special authorities.

Posted in IBM i Security, Info Security Mgmt, Information Security | Tagged , , | Leave a comment

Hey everyone!  Starting this month I’m going to be writing a monthly article for IBM Systems Magazine’s EXTRA online newsletter. Check out the March installment — Howdy, Partner! The Role of Application Developers in IT Security — for a look … Continue reading

Posted in IBM i Security, Info Security Mgmt | Tagged , , , | Leave a comment

I recently read an article called The Enemies of Data Security: Convenience and Collaboration, posted by Carl S. Young on the Harvard Business Review website. My experience with academic papers on information security is that most of them don’t deal … Continue reading

Posted in Info Security Mgmt | Tagged , , , , , , | Leave a comment

It’s a simple fact. Good security doesn’t just happen. You need to have a very specific set of knowledge to effectively secure your information assets. The knowledge you need falls into five discrete categories: policies, data, people, systems, and events.

Posted in Compliance, IBM i Security, Info Security Mgmt, Information Security | Tagged , , , , , | Leave a comment

CAUTION: RANT ALERT On Wednesday, November 19, Admiral Michael Walters, the head of the NSA made a very disturbing announcement. He said that China and one or two other countries have the capability to launch a cyber attack that could … Continue reading

Posted in Compliance, IBM i Security, Info Security Mgmt, Information Security | Tagged , , , , , , , , | Leave a comment

Whenever I see a web site or hear a commercial touting how my personal information is secure because “we use encryption,” I just have to chuckle. I guarantee you that Target did — and does — encrypt your personal information … Continue reading

Posted in Encryption, IBM i Security, Info Security Mgmt, Information Security | Tagged , , , , | 2 Comments

From the title you might be thinking that the theme of this article is something like “information security is war.” But that’s not it.

Posted in IBM i Security, Info Security Mgmt, Information Security | Tagged , , , , , , | Leave a comment