Tuesday, March 26, 2013

Attack Surface

   Last week I did a national webcast with Capella University.  The topic was the Insider Threat.  But my take on this is a bit different than what's usually said on this subject.  I talked a bit about this topic in my post last week.  You can see my slides here.

   As happens in some (perhaps not enough) InfoSec talks, during the presentation we touched on the topic of Risk Management.  In particular, we were talking about how to help keep honest people honest and good people to do the right thing.

   There are all kinds of "formulas" used to calculate, or more correctly - estimate, risk.


Tuesday, March 19, 2013

The Accidental Insider

   This week I did a national webcast with Capella University.  The topic was the Insider Threat.  But my take on this is a bit different than what's usually said on this subject.  You can see my slides here.

   The typical story about insider threat is about theft or fraud.  Here are some recent articles.  This is a real and present danger.

   But there is another category of internal issues... accidents.

Tuesday, March 12, 2013

lnk.shrtnrs (Link Shorteners) and Safety

   Recently I was speaking with a group about online safety.  Keeping to the basics, we discussed two main sources of problems: passwords and clicking on links.  I've discussed passwords a number of times here, here, here and here.

   One great way to avoid problems online is simply to not click on links!  Of course, that would probably render the web all but useless to you (well... I guess you could just type in url's but that would get old very quickly).  You probably followed a link to get to this post.  Actually, you probably followed a shortened link to get to this post.


Tuesday, March 5, 2013

Pro-Hero instead of Anti-Bully

   As I mentioned in my post last week, I recently did an Internet Safety and Tech talk for parents of preschoolers.  When I talk about this and related topics, I always talk about bullying and cyberbullying.

   Unfortunately, the concept of bullying has been around through the history of humans.  Interestingly, the term and specific study did not begin until the 1800s.  Of course, bullying is not just something that happens to children in schools.  My friend Denise Moreland discusses workplace bullying and bad management in her book (buy it here) and blog.

   There have been traditional ways parents and schools have tried to deal with bullying.  I'll discuss those below.  I say "tried" because these methods haven't really worked.  There's also been an anti-bullying movement over the past 10-20 years.  Even with all the media attention this gets, that method doesn't work either.

   I've recently learned of a new approach that I think can work!  It's called Pro-Hero.  Check out this great TEDtalk covering the basics.