Security's Everyman

Sunday, January 11, 2009

Farewell Blogger

After 2 1/2 years of blogging here at I've decided to move on. I finally registered and have moved my blog there. The Security Bloggers Network has already started publishing that feed and soon Feedburner will also. Hopefully you won't have to do anything different to receive the new feeds. Cross your fingers.

I'll try to post a reminder here over the next couple of days. Hope to see you at!

Thursday, January 08, 2009

Security Economics

In tough economic times we all have to watch where we spend money and how we spend it. We can’t let bad financial times or the threat of what may happen keep us from spending what we need to spend to ensure that our data is secure. We can’t be stupid and spend just for the sake of spending, but we also can’t not spend just to save money. Sometimes money has to be spent now to keep from spending more later.

I remember several years ago there was a commercial for Pennzoil with Arnold Palmer. The key line was “You can pay now or you can pay later”. It was in reference to spending a little now to change your oil regularly or paying a lot later when you have to have major repairs. I also saw something today that made me think about this. There is a water line break in Atlanta near my office. It’s been there for about 2 or 3 weeks. You can see where the water is seeping through the asphalt and it’s creating a nice little river flowing down a side road. Of course it’s frozen a time or two and probably will tonight since it’s supposed to get down to the upper 20’s. I assume that it’s not being fixed because of the budget crunch that the city of Atlanta is in, but the problem is that soon it’s going to cause a sinkhole and cost a lot more to repair. Not to mention it’s going to create a traffic nightmare at a busy intersection and possibly cause injury to someone if they happen to be driving over that spot when it decides to collapse. So in an effort to save a couple of thousand dollars the city will probably end up spending 30 or 40 thousand, wasting lots of water and possibly causing someone to get hurt. Of course if that happens then there will be a multimillion-dollar lawsuit.

Now that we are in a new year and are looking forward to what we will be able to do and those things that we won’t be able to do, we have to plan on selling the really important things more than ever. We need to start now in building our case to management on why we can’t delay certain things. We also need to be prepared to go to them with our list of “sacrificial lambs”: things that we had planned on doing but that are not as important as the “gotta haves”. By doing this we show them a couple of things. One, that what we are keeping is really important, and two, that we are willing to make sacrifices in order to get the really necessary things.

Wednesday, January 07, 2009

Atlanta NAISG Meeting #2

We took December off but we're back and ready to roll. Our next meeting will be Wednesday Jan 14, 2009 at 7:00. We're meeting at the MARTA headquarters building in Buckhead at 2424 Piedmont Rd, Atlanta, GA 30324. It's at the intersection of Piedmont Rd. and Morosgo Dr. across from the twin AT&T towers. This is the location of the Lindbergh Station. The meeting will be held in the Bid Room on the first floor. You will have to sign in at the security desk.

The talk will be given by Renault Ross of Symantec (no sales just knowledge sharing). He will be speaking on End Point Security and NAC. Pizza and drinks will be provided so come hungry.

We're still young and are looking to grow so make plans to join us. Feel free to invite your friends and pass the word along to others. We will be giving away a couple of door prizes as well. If you know that you will be attending please email me (andy.itguy at yahoo dot com) and let me know so we can get a general count for ordering pizza.

Monday, January 05, 2009

More on Failure of Investment

My buddy Jack Daniel pointed us to a new blogger that is worth following. As I was looking through some of his posts I ran across one entitled "Failure of Investment". Of course that caught my eye because of the conversations that Jack Daniel (here and here), a few others and I had on this topic back in September of last year.

Tim's post got me thinking again about FOI. I had intended to expand on the concept more last year, but as you (hopefully) noticed, my blogging fell off drastically the last few months of the year due to life getting in the way. Now that a new year is here, I'm hoping to get back into regular blogging, and what better topic than FOI to start with?

What I want to talk about today is defining FOI at a more granular level.
Failure is measured differently for different technologies. You can't define failure the same for a firewall as you would for a host-based anti-virus program. They are different technologies and have to be measured differently. It can even be argued that within the same technology there are different tolerance levels for failure. An AV program that lets a virus through to a workstation that has very limited network access isn't as serious as one that allows an AD server to get infected.

So how do you go about defining failure? It goes back to a security basic: risk. What is the risk if failure happens with a technology at a certain level? This is why it is so important that decisions to purchase and implement technologies not be taken lightly. Don't make a decision based on the fact that it is from a certain vendor. Don't make a decision based solely on price. Don't make a decision based on "ease of use".

You have to know what you are protecting, what its value to the company is and what level of failure each thing can handle. If you don't know this then you are going to set yourself up for FOI and a new job search.

Friday, January 02, 2009

Welcome 2009

It's a new year and most people have made resolutions, predictions, set goals or other such things to start the new year off on the right foot. I too have done the same, sort of. I gave up on resolutions years ago. Don't do predictions but do set goals. I also take a few minutes and look around and think about life and what I need to do or can do to make it better for myself, my family and those I come in contact with.

I've set personal goals relating to my marriage, fathering, hobbies, fitness, etc and I'm putting plans in place to make them happen.

At work I've looked at my list of projects and what needs to be done and have prioritized the projects and set dates for the other things.

I'm hoping that this year will be better than last year although I really can't complain about last year. Even with the economy tanking I'm still employed in a job that I usually enjoy. :) My family is doing well and I really can't ask for more and sure don't deserve more.

I've got one goal that I hope to have accomplished by next Monday and that is to find a new calendar for my office at work. If I can do that then I'll consider the first few days of 2009 a success.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.