Security news and resources from Network World.
Vale Atque Ave
Well, it's been a good run.
See you anon: Reflections on online anonymity
I've never been much of a fan of anonymity. Long-established research in social psychology pointed out that anonymity increases anti-social behavior.
Coping with HIPAA regulations: Electronic faxes
The Health Insurance Portability and Accountability Act mandates reasonable safeguards in communicating patient medical data from one care-provider to another. In this second of two columns on the subject, we look at alternatives to using the old-fashioned fax machines that can accidentally transmit private data to an unexpected recipient.
HIPAA on phones, faxes and e-mail
My wife Deborah Black (light of my life) is a neuropsychiatrist who works at two different clinics. Sometimes patients are referred from one clinic to the other, and the question arises of how to transmit the details of their medical record from one team to the other. 
Homeland Security Digital Library – Priceless resource
The Naval Postgraduate School Center for Homeland Defense and Security (CHDS) is a world-standard institution in information assurance (IA) and homeland security (HS) education. Established in 2003 in response to the horrific events of 9/11, the CHDS is also the home of a valuable resource for all IA and HS professionals: the Homeland Security Digital Library (HSDL).
Velocihackers and Tyrannosaurus superior
In the early 1990s, I used to write for the paper version of Network World. Recently I was watching the 1993 hit movie "Jurassic Park" and I recalled a column I wrote back then that caused a flurry of comment and that may interest current readers. Here's a slightly updated version of that old column.
Justifying spontaneous computer seizures
In the previous article in this column, we looked at the fundamental exclusion of border-crossing regulations from constitutional protections against arbitrary search and seizure. Today we continue the examination of the issue of arbitrary search and seizure at the borders of the country.
Search and seizure: No Fourth-Amendment rights at Borders
In 2002, the Homeland Security Act established the Department of Homeland Security (DHS), combining a number of U.S. law enforcement and other agencies. The U.S. Customs Service and the Immigration and Naturalization Service contributed to the formation of the newly named Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) agencies.
Information assurance must adapt to changing technology
The new semester has begun at Norwich University and we've had a couple of class sessions for the IS340 Introduction to Information Assurance course. One of the changes I've made in the last year is that I no longer inflict death by PowerPoint on my students; instead of pontificating at them, I just distribute printouts of the lectures (six slides per page), make the PDF and PPTX versions of the slides available to the students through a folder on the course Web site and guide the students in vigorous discussion in every class meeting. We also use a learning platform (an implementation of Moodle) for online discussions, some tests, and submission of assignments.
COBIT 5: New evolution of COBIT guidance
Ken Vander Wal, CISA, CPA, is International President of ISACA. COBIT is the well-known framework formerly known as Control OBjectives for Information and related Technology. Mr. Vander Wal contributed the following announcement, and I hope that readers will participate in improving COBIT.
NICE Move: Draft National Initiative for Cybersecurity Education
The following is the full text of an important announcement from the National Institute of Standards and Technology (NIST). I urge all readers to participate in the review process. Readers' experience and insights can shape the future of information assurance by ensuring that the cybersecurity education plan conforms to the motto I imposed on the Master of Science in Information Assurance program at Norwich University in 2002: "Reality trumps theory."
Synchronizing software with ViceVersa
Keeping computers and disk drives synchronized is useful as part of a thorough business continuity strategy. The free SyncToy software has problems, as described in the previous column.
Synchronization software: Synctoy revisited
Data synchronization for two tower computers and a laptop is a daily routine for me. MAIN tower is in my home office; SPARE tower is in my university office; Norwich University supplies me with a laptop computer as well. For the last five years, I've been ensuring that these computers have the same data by using successive versions of Microsoft SyncToy. I wrote about my initial experience with SyncToy in 2005.
The BP case: Online reputation management
Recognizing that the surge of media coverage and Internet postings was growing at a faster rate than the oil plumes, BP quickly began damage control – for its reputation, that is.
Dishonest methods involving online reputation management
Search engine optimization (SEO) to raise the visibility of a specific company or person can involve questionable methods. For example, Web pages can be crafted to trick search engines' crawlers into ranking a site higher than its content merits, increasing its visibility in search results.
Online reputation management: Manipulating search engines
Online reputation management (ORM) works in much the same way: accentuating the positives and giving the impression of mass approval.
Disintermediation affects reputation
Reviews from satisfied and dissatisfied customers and clients are posted on a wide range of sites on the Web; typing "consumer reviews" as a search term (including the quotation marks) in Google produces over 73 million hits. Some sites specifically address angry posters; for example, Pissed Consumer specifically solicits complaints.
Planes, cats & mosquitos: The power of metaphor
Everyone knows that one of the keys to getting projects planned and underway is to define each project’s scope. Scoping a project, at minimum, is defining the project's purpose, stakeholders, and delivery date, and then determining the time, dollars, and resources needed to get the job done.
Sexting: Loss of control = Embarrassment, bullying & potential prosecution
In the first column of this pair of postings, I introduced a discussion of the widespread and increasing practice by young people of sending lewd text and pornographic photos or videos of themselves to friends – only to find the material being distributed publicly and completely out of their control. Today I continue with thoughts on causes and consequences of sexting.
Sexting: Pervasive cameras + Internet = Autoporn
Got kids? Think they're too sensible to send nude or seminude pictures of themselves to their buddies?
Accessible backups, not recursive backups
Recently my PGP Desktop encryption program suddenly lost its registration information. I don't know why, although it may have had something to do with a series of driver updates, but when the system rebooted at one point, I noticed a registration request from the encryption product. I didn't think much about it until I finished all the driver updates. At that point, I was ready to mount the PGP-encrypted volumes that contain confidential data such as Norwich University student records, client records, financial data and correspondence.
Can you comply with court orders for data from the cloud?
The very nature of cloud storage, and one of its selling points, is that the cloud is dynamic. You only use what you need and shut down what you don’t.
Is your company ready for legal holds and compliance with mobility and the cloud?
It has not been too long since Google lost millions of e-mails and struggled to get most (!) of them back for customers. Amazon recently had cloud issues where they were not able to restore all the data their cloud customers had placed on their servers.
Does your security policy reflect mobility and cloud security?
Recently I was at a technical meeting and overheard a client say that even though this area had just recently suffered a great deal of damage from several tornados, businesses are still very reluctant to develop or test Disaster Recovery Plans (DRP) or Business Continuity Models (BCM).
Is your company ready for 4G mobile connectivity?
We will increasingly see users challenging (in every sense) our ability to protect data – and to comply with laws such as the Health Insurance Portability and Accountability Act (HIPAA) – as the move to mobile computing continues.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Professor of Information Assurance & Statistics in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.