Security Manager's Journal: Move to hosted email opens new vulnerabilities
I took somebody's word for something, and I didn't subsequently check it out to my own satisfaction. Result: big trouble. Lesson: always verify.
View ArticleSecurity Manager's Journal: The ins and outs of extending DLP
I love DLP! That's not a statement that would sell a chief financial officer on data leak prevention, but I can show real ROI from our deployment as well.
View ArticleSecurity Manager's Journal: Found: 30 unmanaged servers that shouldn't be
We just found 30 servers that can't be accounted for. Thirty Internet-facing servers with no malware protection and patchy patch histories. I need to take a deep breath and figure out just how bad this...
View ArticleSecurity Manager's Journal: Time to tweak the security policies
Every fall, I conduct a policy review. I think it's a good idea to have this on my calendar, because no policy, no matter how well crafted, is meant to last for all time. New standards arise and old...
View ArticleSecurity Manager's Journal: An admin surfing on a server? That's a big no-no
Security incidents are a complete disruption of my normal day-to-day activities. I love them. I especially like it when they uncover systemic problems we might not otherwise have found out about. We...
View ArticleSecurity Manager's Journal: Siccing MDM on personal mobile devices
We looked into mobile device management (MDM) in 2012, but the time didn't seem right. Now, some 18 months later, things have changed, and MDM is looking more like a good fit for us.
View ArticleSecurity Manager's Journal: Another step toward eliminating data loss
Implementing technology to monitor user and network activity can be an eye-opener.
View ArticleSecurity Manager's Journal: Thousands of dollars in phone calls? Management...
As a security manager, I expect my company to be hit by malware infestations, data theft, denial-of-service attacks and attempts at unauthorized access. I deal with them all as they arise, and they do...
View ArticleSecurity Manager's Journal: Stopping vendors from making us a Target
Thank you, Target! It's a pity that security managers have to capitalize on other organizations' misfortunes to broker change within their own enterprises, but the notorious Target breach of late last...
View ArticleSecurity Manager's Journal: Virtual machines, real mess
It started out as a simple call to the help desk from an engineer at one of our major development centers: Phone calls were being dropped. Soon, similar complaints were coming in from other engineers,...
View ArticleSecurity Manager's Journal: A deal that's too good to be true
My company is always looking for ways to save money. One maneuver -- outsourcing the development of a module of one of our software products -- almost cost us big time.
View ArticleSecurity Manager's Journal: Dealing with the heartburn of Heartbleed
When it was time to write this column, the only thing on my mind was the OpenSSL Heartbleed vulnerability. If you have anything to do with infosec, it was probably dominating your days as well.
View ArticleSecurity Manager's Journal: Taking steps to better lock down the network
The resources on our network have been given too much access to the Internet, and we need to curb that.
View ArticleSecurity Manager's Journal: A ransomware flop, thanks to security awareness
People like to ask the security manager, "What keeps you up at night?" My usual answer: "Employees." And there's good reason. About 95% of the security incidents my department responds to are a result...
View ArticleWho's calling, please?
Some security weaknesses can't be found with a scan or a vulnerability assessment of the infrastructure. As a security manager, you have to keep your eyes open for things that aren't as secure as they...
View Article
