Secure Design & Operations vs. reliance on Security Software and Signature-based Systems

IT security has never been more critical, the threat never greater, nor IT defenses more inadequate, offering false assurance by throwing money at the wrong resources. It is our operational security, architecture and design that have allowed these threats to flourish. Consider these scenarios, each violating one or more of the Ten Immutable Laws of Security…

PKI Certificate Renewal Strategy: A Simple Cascading Schedule

Designing a Certificate Authority (CA) certificate renewal schedule can cause some confusion if you don’t understand the relationship between CA certificate renewals and end-entity certificate renewal overlaps. However, following these general guidelines can make CA certificate renewal easy without shortening the life of the certificates. Let’s take the example of a 3-tier…

Driving Safely Online & Legislation of Technology: Mandating Hands-Free Availability Built Into All Vehicles Instead of Disabling or Banning Cell Phones

This 21st century world, with its innumerable social gadgets intertwined on the Web, makes driving hazardous. Our world is accustomed to life on the go via LinkedIn, blog postings, Facebook “likes”, and e-mail in our pockets. Our society is in need of status updates, real-time collaboration, video calls and electronic social gratification both at work…

The Value of Certificate Revocation Lists (CRLs) in a PKI

In Internet Explorer, under Tools –> Internet Options –> Advanced, there are two controls for revocation checking. “Check for server certificate revocation” controls whether revocation checks occur for HTTPS connections. “Check for publisher’s certificate revocation” controls whether revocation checks occur when validating the Authenticode digital signatures on downloaded programs and ActiveX controls. Microsoft’s recommendation as…

E-Gov Security Part 3 (Trusting the Cloud)

E-Government continues to grow, with citizens demanding more online services daily and the consumerization of IT devices that need access to those services from anywhere in the world. Threats to these systems can outpace that growth at an even greater rate if government omits comprehensive security planning, either carelessly or even willfully out of a need for quick deployment…

E-GOV Security (Part 2–Twenty Critical Cyber Defense Controls to Secure Citizen Data & Maintain Public Trust)

The National Association of State CIOs (NASCIO) and Deloitte released findings from “The 2010 Deloitte-NASCIO Cybersecurity Study”, which found that state governments are NOT doing enough to secure citizen data and maintain public trust. In fact, looking at the details of this study, it’s evident that state governments have more personally identifiable information (PII) of…

E-GOV Security (Part 1–Data Loss Prevention)

State & Local Government (SLG) is quickly adapting to the demands of 21st century U.S. citizens for e-government (E-GOV) services. With E-GOV comes both the convenience of Internet services necessary to support tech-savvy Cyber Citizens and the not-so-convenient threat of transactional man-in-the-middle attacks or data theft or loss to profit-seeking malevolent cyber squatters or foreign…

Free Microsoft Security Tools

I often get asked where someone can find a comprehensive list of security tools from Microsoft. The tools used by an administrator are not the same set of tools used by a developer or a consumer, but it’s nice to have a comprehensive list. There are four sites that are a good landing…