Tag Archives: security management
It may surprise a few people, but I’m just not worried about my credit card being stolen. In fact, I refuse to worry about it. That may sound like heresy for someone who is supposed to know a little bit … Continue reading
I recently read an article called The Enemies of Data Security: Convenience and Collaboration, posted by Carl S. Young on the Harvard Business Review website. My experience with academic papers on information security is that most of them don’t deal … Continue reading
It’s a simple fact. Good security doesn’t just happen. You need to have a very specific set of knowledge to effectively secure your information assets. The knowledge you need falls into five discrete categories: policies, data, people, systems, and events.
I didn’t come up with the idea for a managed single sign-on (SSO) service. A customer did. When Botz & Associates started security consulting, only infrequently would companies request help implementing SSO. I always wondered why more companies weren’t using … Continue reading
A hot debate over the inherent security benefits of open source software — or lack thereof — has been raging (again) since the “heartbleed” bug came to light last spring. So…..from a security expert’s point of view (yes, mine!), is … Continue reading
Or…How a security expert can fall for a phishing scheme Think no one will target your business with phishing attacks? Think again… This confession is a bit hard for me. Just recently I was the target of a phishing attack. … Continue reading
From the title you might be thinking that the theme of this article is something like “information security is war.” But that’s not it.
OR….. How Jobs Get Authority to Objects Words have consequences. Saying things like “we’re going to tighten security” or “we’re going to remove public (or default) authority” or “we’re going to remove direct access to data” will almost invariably lead … Continue reading
In a recent post I noted that the Target breach once again raised the idea of biometric authentication as means of improving the protection of corporate data. Yet for all of its benefits, adoption of biometric authentication within the IT … Continue reading
Did you ever think that the potential cost of a security breach is overstated by those who want to sell you security software or services? Well, no matter how you add it up, the potential cost to Target during the … Continue reading