22. September 2009 by Bryan Glancey.

  The dripping irony of the financial Crisis is continuing. Amidst ravaged landscape of laid off workers, dismissed disgruntled employees, and dismembered data security teams we find Data Security declining - more exploits, less resources in form of both budget and people to deal with the issues.

  Seems like a Choicepoint perfect storm, intellectual property is roaming in the wild in the heads and cell phones of dismissed employees. It’s too late to work on that to-do list of Data Leak Protection items the day after 100s of employees are sent packing - some with the 8gb USB keys and synced personal cell phone.

   It still astonishes me that enterprise treat security as an afterthought, and find themselves playing catch up after the incident rather then preparing prior. A data back-up  always sounds like a good idea the day your hard drive fails, while the day before it sounds like a pain in the butt.

   Everyone Information security person still employed at a large institution should be in overdrive trying to get protections in place for the next R-Day (Reduction In Force Day ). If nothing else, and given you have no budget, you should run a test group of a free tool like Truecrypt - or evaluate one of the Data at Rest vendors, so when you are able to beg for some budget you can get a program rolled out quickly.

   Everyone in INFOSEC needs to be in overdrive mode during this economic quagmire, need I remind you what the Stones say “Just as every cop is a criminal and all the sinners, Saints” - in this time of despiration people will do things that they woudl not usually do. Your security controls are more important now then ever.

Posted in Uncategorized | Print | 1 Comment »

22. September 2009 by Bryan Glancey.

Here comes my soapbox again. It’s always a joke to me how some so-called ‘Security’ companies can have a total lack for Certification for their Cryptography and call themselves security companies. It’s like saying your grandma is a jet fighter pilot because she saw you playing flight simulator. It’s an embarrassment.

 What about ePO, or HBSS, McAfee’s be all - end all managment console that communicates to all the clients. ZERO certifications, ZIP, Zilch, Nada. What about certifications that cover anything above Windows XP, nope.

Do you know McAfee has NEVER done a certification for FIPS on it’s own? Only through acquisition of SafeBoot do they have ANY certifications. What a joke!

Just so no one says that I’m talkign out of school, here is a copy of all of McAfee’s certifications form the NIST website at www.nist.gov/cmvp

It’s always funny to me how people can spend MIllions of dollars on marketing, but not spend on building a quality product

Posted in Blogroll, Uncategorized | Print | 1 Comment »