Archive Page 2

25 Oct 11

International Considerations

Pakistan will begin enforcing a ban on VPN traffic. The Pakistan Telecommunications Authority delivered a memo to Internet providers asking them to block encrypted VPN traffic unless permission is obtained.

The concern is that terrorists will try and hide communications. The reality is, in my opinion, they want to snoop on all traffic. I believe this is the same country that was mad at the USA for killing Bin Laden. Are we to believe that now they are interested in only stopping terrorists?

I believe that companies that operate in the Middle East and Asia Pacific regions will have these obstacles continuously added. Proper planning for a dynamically changing remote access solution will be necessary to continue to compete. Products, policies, and procedures will need to be continuously reevaluated in this climate.

21 Oct 11

The Human Side

When evaluating your company’s security, you cannot exclude the human element of security. No matter how secure your technology is, no matter how many products you buy, if people are involved you have risk. DLP is one way to mitigate the human element.

11 Oct 11

Let’s Talk Phishing

Phishing is one of the most dangerous scams on the internet today. That is not news to anyone who even casually reads the news. When a phishing attack occurs, the purpose is to gain access to critical data by attempting to coerce users into disclosing it. An even more egregious attack is spear-phishing. That is when an attack is personal to your employees.

When companies test their security they rarely test for phishing success.  Yet it is extremely relevant.  Not testing for phishing success is really just waiting to get your data stolen. 

Your employees don’t know how to react unless you train them.  You can’t train them until you know where you are weakest.

We offer this as a service to our clients, because no one test or assessment makes you secure. It is through several tests that you can really know where your security stands.

10 Oct 11

Communication is Key

The number one thing to make companies more secure is often overlooked. It isn’t the firewall, the anti-virus, the email filter, or even the 2FA process. It is communication.

For example, you encrypt a hard drive. That is a great thing to do… Then an employee tapes the password to the keyboard because it is too complicated to remember.

If the risks and the process are never properly communicated to employees, all the devices in the world will not make you 100% secure.

Join me in Charleston on October 13, 2011 for a one day training class on how to make security a part of your organization. http://www.xtmtraining.com/trainingform.php

05 Oct 11

Testing for Success

How do you know the smoke detectors in your house work?  Do you assume they work or have you tested them?

How do you know the brakes on your car work?

I believe that if companies spent a small portion of their current IT budget simply testing their security they would have a better handle on their position and what they need to do next year.  Without testing the security, or lack of security, I really don’t understand how they can plan for 2012.

Basing budgets and projects off of instinct and not hard facts is never a good plan.

04 Oct 11

Phishing Attacks

Most companies do not test for user reactions to a phishing scam.  This is a mistake.  Not knowing how a user will react to a phishing attack leaves your company vulnerable.

We offer phishing tests to help our clients protect their assets.  Don’t wait for an attack to occur.  Test for it so we can train your team properly.

29 Sep 11

Security Practices Class

Our Security Practices class in Charlotte starts Thursday afternoon. This day-and-a-half event will kick your butt on security and provide you with the security blueprint you need to plan 2012. Don’t miss this high-impact, high-energy event. Only 3 spots remain.

http://www.xtmtraining.com/trainingform.php

27 Sep 11

When to Outsource

So when is a good time to outsource a function of IT? I think anyone who has received a call from a Managed Services Company has asked that question of themselves. Some companies absolutely refuse to outsource any function of IT. Others I have seen maybe outsource too much.

Like anything, I don’t think there is a clear-cut answer. It will depend on the talents of your staff. If your staff is really good at break-fix work, then higher-end functions like firewall management and security should be outsourced. Conversely, if your staff is more skilled in the higher-end functions, then please get the break-fix work off their plate. It is unwise to try and do all the work in-house if your staff doesn’t possess the appropriate skills.

Please do not take this as a criticism of anyone’s skills or knowledge level. God knows I am not the one to do a lot of jobs in this world no matter how much I want to. Knowing the limits of your IT team is how you can lead them to what they really want to do. People naturally gravitate towards their skill set anyway. It is the job of the leader to keep them on that path. And outsourcing certain functions of your department is the only way to lead the organization down the correct path.

26 Sep 11

My Switch from BlackBerry

I have recently switched from a BlackBerry to an Android phone.  Since I have been with BlackBerry for 7 years I thought maybe it was time to see what all the buzz was about.  So here is my secure review summary.

While I do see the appeal of having apps on the phones and the accessibility of information, I have to say the security is atrocious. Simple settings to protect the phone are just not there. I can easily hack around all of the security and extract information. Also, it seems so much more complex, with Google wanting to force you into their world, like wanting you to create a Gmail account. One example is an employee of ours set up his Gmail account in seconds. While these features are beneficial to some, I really don’t see the appeal in business.

If your company has mobile security concerns, stay tuned to this blog for an upcoming event as part of the security blueprint series.

23 Sep 11

Security Blueprint

Anyone who has ever started a large-scale project realizes the planning can be daunting. But that doesn’t have to be the case with security. If you have ever wanted to change your organization to be more security focused, you need to first start with the basics, the blueprint.

We are busy with writing and speaking engagements helping companies get their security blueprint started. It isn’t difficult; you just need to know where to start.

We are conducting our first webinar in this series on Wednesday, September 28, 2011, titled The Benefits of Penetration Testing. Join me to help you start down the right road. Registration is required to attend.

Register @ http://goo.gl/cWvOv

 



