Category Archives: Security

Posts related to security.

Security Specifications

The previous article introduced security audits, which are actually audits of security specifications. There are many potential sources for security specifications. Some of them are government standards. For example, in the United States, HIPAA, the Health Insurance Portability and Accountability …

Computer Security Audits

In conversations with large companies and small companies, literature review and looking at best practices for security, one of the most common tools that essentially everyone uses is a security audit. In most cases the security audit is performed regularly …

Yellow Sticky of Doom in the Cloud

The password managers we discussed in the last post are a good start. If you only use one system, a local password database is all you need. Most people have multiple “devices” – a PC, a laptop, a smartphone, a …

Electronic Yellow Sticky of Doom

The previous post looked at written passwords – let’s now look at electronic passwords: Instead of writing passwords on a piece of paper, you can save them on the computer. The most obvious way to do this is with a …

Yellow Sticky of Doom Revisited

Our last post introduced The Yellow Sticky of Doom. Talking with security experts about the Yellow Sticky of Doom shows that the situation isn’t entirely bleak. They agree that posting notes on a monitor – or the bottom of a …

Greatest Threat: Yellow Sticky of Doom

The previous post looked at man-made physical threats. We now get to what I consider the greatest threat to computer security: the Yellow Sticky of Doom! Passwords written down on yellow sticky notes. These are everywhere. What is the difference …

Threat: Joe the Backhoe Operator

The previous post considered forces of nature – we also have man-made threats: Where Dennis the Weatherman is a proxy for all the threats nature can pose, Joe the Backhoe Operator is a proxy for man-made threats outside the data …

Threat: Dennis the Weatherman

We last looked at an inside threat – now let’s consider some external threats: Dennis the Weatherman is a proxy for the threats that nature presents. Superstorm Sandy is a recent example of the power of weather. Some places received …

Threat: Dave the Service Technician

The previous post looked at users and the unintentional threats they can create. Now let’s get hands-on with the systems: Dave is responsible for adding, upgrading and repairing systems. Without Dave, things will quickly go downhill in your data center. …

Threat: Sally the User

Unlike Sam the Disgruntled Employee from our last post, Sally doesn’t have an evil bone in her body. She is dedicated, hardworking, helpful, and committed to doing a good job. Unfortunately, she doesn’t completely understand how the system works, and …