No Book to Be By

In some cases, hiring a project manager is the most sensible thing you can do. A seemingly can’t-miss action that preserves the status quo while getting the organization where it needs to be. But it is a huge mistake. This rant is written with all due respect to project managers everywhere, but read on…


My Parents Taught Me to Share, So What’s the Big Deal?

President Obama wants private sector companies to share information about cybersecurity threats with each other – and the government. That sounds like a novel idea – and some industries already are doing this among themselves. However, the federal government doesn’t share its experiences with us (“National Security!”), but presumably they do share with each other. The…


Audited and Jaded

A company I know was audited some years ago. One of the findings was that there were no Unix server logs. Over the next year server logging was enabled. The following audit noted that nobody was reviewing the logs. So the company invested in a SIEM solution and reviewed the alerts. (Of course, no one…


Plight of Passwords

I read an article recently about how a CISO talked his way out of having an internal auditor write up a finding about weak passwords – which eventually led to a significant and highly publicized breach. The CISO’s argument was that, by implementing strong passwords, users would end up just writing them down, thereby weakening…


Be Very, Very Quiet – Your Devices May Be Listening

According to Wikipedia, “The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure. Typically, IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and cover a variety of protocols, domains, and applications.[1] The interconnection of these embedded devices (including smart objects) is expected to usher…
