
Archive for April, 2006

Security Catalyst 27 (Wireless Law!, Compliance Advice, Your top 5?)

NOTE: due to an unexpected Feedburner error, we turned off the redirect and have begun the process of migrating away. This should not affect you if you are using iTunes - but please check your subscriptions. Thanks!

Sorry if you get this twice.

===Begin Program ===

Welcome to episode 27 of the Security Catalyst Podcast! In this episode, we talk about the new wireless security law enacted by my neighbors in Westchester County, NY; I offer some advice and guidance on compliance (based on my experience) and then set up a case study to help us determine the steps we need to take when protecting our organizations.

The wireless law is an interesting one, and I look forward to leveraging our growing catalyst community to help provide the guidance necessary for this effort to be successful. In that same vein, we start our security makeover series next week, and will be using the next 10 weeks to examine how to achieve compliance through security. This is a series that will benefit us all - and you will have a chance to be involved!

Based on a conversation I had yesterday, I wanted to pose a situation and then collectively determine the immediate actions we would take. The end result of this effort (over the next few months) will be a series of comprehensive (and validated!) baselines that we can use to shore up our efforts. More importantly, done right, other businesses and people new to security can learn from our experience, too!

I will post additional information and links in the forums -> and we can let the discussions begin!

Discuss Security Catalyst 27 Here
Discuss The First 5 Security Actions Here

Thanks for listening. Please tell a friend about our efforts and encourage them to subscribe!

 
icon for podpress  Episode 27 [27:14m]: Play Now | Play in Popup | Download

Posted in Information Protection | Comments (2)

Security Catalyst 26 - Insider Interviews - Randal Schwartz

In late July 1995, a trial jury convicted Randal L. Schwartz of three felony counts under Oregon’s Computer Crime Law (learn more here). On this episode, we are joined by the legendary Randal Schwartz to discuss what happened to him, how you can prevent it from happening to you, and what we can all do about it in the future.

We will invite Randal back again in the future to talk about Perl and application security - but I hope that you are able to enjoy this interview and learn how to protect yourself. The focus is not on the company Randal was working with, but on how broad laws can hurt - and the protections we should all have in place.

Randal has joined our forums to take part in any discussion about how to deal with laws like this, and how we can, as a community, make a difference. I look forward to your insights and experiences: Click here to go to the forums.

In case you missed the teleseminar on Tuesday, the information and discussion has started: Click Here to talk about “Free Security.”

I’d like to know what sites you use for “best practices.” Share your insights here: Security Best Practices

Thanks for listening. If you liked the show, tell a friend!

 
icon for podpress  Episode 26 [33:34m]: Play Now | Play in Popup | Download

Posted in Information Protection | Comments (1)

Our Second Teleseminar - And You’re Invited! (Do you know where to find “Free” Security?)

Please be our guest at our second monthly teleseminar — tomorrow: Tuesday, April 18, 9pm Eastern. We’re going to be joined by special guest Ron Woerner.

This is the second of the free teleseminar series offered to Security Catalyst listeners. There is no cost for you to join in — LIVE — except for the cost of a telephone call (you may incur some long distance charges). You will have an opportunity to ask questions in advance, as well as a chat opportunity during the teleseminar, to get an inside look at a hot topic, interesting job or other security issue.

We will be joined by special guest Ron Woerner, who has already shared with us his experiences in developing a successful risk management program. Ron has offered to join us again and share with us his insights on free security resources available to help develop and promote better security in your organization.

NOTE: I am working on implementing an automated system to make registration easier in the future. Hopefully it’ll be in place by the next teleseminar.

To sign up, send an email to:

teleseminar *at* baldsecurityexpert *dot* com

We are limited in attendance, so only the first 50 will be able to attend. We have a few seats left, and I hope you are able to join us!

Posted in Information Protection | Comments

New Privacy Threat Taking Shape - Ridiculous Legislation

Before I dive right into the meat of my article, I will explain my hiatus. I live in Oklahoma, and recently legislation has been introduced into the Oklahoma House of Representatives that was co-authored by a big information technology company. I’ve been watching its development very intently and have been taking appropriate action, attempting to keep the bill from becoming law. Allow me now to explain why I think this is important.

The current anti-spyware/malware bill introduced last week on the surface looks like a positive start in combating the perils of using computers. After all, how many of us really enjoy software hijacking our computing experience, or enjoy our every moment being monitored by a company hundreds or even thousands of miles away?


Posted in Information Protection | Comments

Security Catalyst 25 - Insider Interviews - Podslurping with Abe Usher

When I first read the term podslurping, many things came to mind. My second reaction was along the lines of “we’ve known about the risk from USB and portable devices for a while, so what’s new?” Then I finally got around to reading the article and learning from Abe Usher why I needed a different mindset.

It turns out that advancements in USB technology, combined with the improvement of the devices that use USB and the ever-growing storage capacity, in fact, pose a significant potential threat. We focus a lot of time and energy right now on perimeter protections and the like - and yet freely recognize insider threats are more damaging.

Abe Usher got the word out, and now he joins Security Catalyst to help change the way we think about end point security. Listen now to learn how podslurping can affect you - and what you can do about it today.

Learn more about podslurping from Abe Usher at his Sharp Ideas website.

Continue the discussion and learn more about the technologies mentioned in the podcast in the Security Catalyst Forums (click here).

The “Hot Topic” of the week is Certs, Degrees, And Stuff, The Professionalizing of the IT Industry — join in the conversation!
Join us next week for an insightful interview with Randal Schwartz!!

 
icon for podpress  Episode 25 [28:07m]: Play Now | Play in Popup | Download

Posted in Information Protection | Comments (1)

The Whitewashing Of Compliance – And Five Steps To Take Today To Prevent It

We seem to live in a world dominated by metrics and statistics. I even fall prey to it from time to time. We all want to claim that we have the most, gained the most, stopped the most or otherwise done something that we can defend with the use of numbers! It’s no different when it comes to compliance.

It’s no secret that I spend a lot of time helping companies address compliance and privacy through risk assessments, policies and developing effective risk management programs. We have had some Security Catalyst podcast episodes that have addressed some of these areas, and we will have more in the future.

The concern I see now is what I call the “whitewashing of compliance” – when a company simply “goes through the motions” to claim it has achieved compliance, when it has really done little, if anything, to truly improve its security posture. Not all whitewashing is intentional – some is the result of too much to cover in too little time, combined with the need to show results.

I’ve also started to see a trend where the people responsible for assessing compliance are not fully comfortable with the requirements, and therefore unable to properly assess the different aspects of an organization, and/or take the word of the group responsible for the asset. Think about it, if I come to you asking probing questions about your security – and you know it is for our compliance initiative – you may be inclined to paint a rosy picture for a variety of reasons. And even if you tell the truth, you may seek to spin in the best possible light.


Posted in Information Protection | Comments

Security Catalyst 24 - (Insider Interviews) Wireless Security Basics with Red Wagner

On this episode of the Security Catalyst, we are joined by Red Wagner, who shares his research on wireless security basics and the critical steps home and business users need to take to protect themselves. Listen in to learn the 5 steps you can take today to ensure you are more protected at home!

I have been working on a Wireless Security “Basics” eGuide that Red has agreed to help with - and we should have that published by next week for your review and use.

Talk about wireless security in the forums here: SC24 in the Catalyst Forums
Red’s posted question in the forums is here, please answer it if you can: Red Wagner’s Question - Gmail Chat Security/privacy, Opt-out chat logging

Thanks for listening. If you liked the program, please tell a friend. If not, please tell me: securitycatalyst@gmail.com

 
icon for podpress  Episode 24 [27:04m]: Play Now | Play in Popup | Download

Posted in Information Protection | Comments

Announcing the Security Catalyst: Security Makeover

Are you a business in need of a security makeover?

Have you realized that you need to address security, but are struggling with where and how to get started?
Do you have a specific issue or concern you would like to be coached on by a leading security expert?
Are you stuck trying to determine which products or solutions are best for your business?

Announcing the Security Catalyst Security Makeover!
Michael Santarcangelo, creator and host of the Security Catalyst, is an expert who speaks on security and privacy issues. He is a trusted advisor to Fortune 500 companies and businesses around the world, helping them implement effective and efficient security solutions. And now he is offering to be your trusted guide for FREE!
In an effort to demonstrate that security is not beyond the reach of the average company, The Security Catalyst is conducting the first ever Security Makeover! The company chosen for the security makeover will receive FREE coaching and consulting support from Michael for 10 weeks. Even if you are not selected, you can learn how to address security issues in your business by listening to the weekly updates about how a real company handles real security issues.


Posted in Information Protection | Comments

Security Catalyst 23 - Greylisting (and why you should be using it)


Join me as we start our look at open source email protections by looking at greylisting. Greylisting is a simple, but highly effective, measure to help reduce spam. What is most promising about greylisting is that it provides a great economic disincentive to spammers at a low economic cost for us. OUTSTANDING!

So listen in and learn how you can use greylisting to your benefit and join me in providing cost effective ways to reduce spam.

If you would like to join the Security Catalyst Research effort to implement greylisting, please go to the forums here: Forum Topic (This does require FREE registration)
If you would like to learn more about greylisting, click here to read the whitepaper written by Evan Harris.
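As an added illustration (example code written for these notes, not from the podcast or the Evan Harris whitepaper), the following models the core greylisting decision the whitepaper describes: a never-before-seen triplet of client IP, envelope sender and envelope recipient gets a temporary reject, and only a retry after a minimum delay is accepted. The constructed traffic at the bottom shows why this is cheap for us and costly for spammers: a real mail server retries and gets through, while a bot that fires once and moves on never does. The delay and expiry values are assumptions chosen for the demo.

```python
"""Minimal greylisting decision logic (triplet scheme); added example."""
from dataclasses import dataclass, field

MIN_DELAY = 300      # assumed: seconds a sender must wait before a retry is accepted
MAX_AGE = 4 * 3600   # assumed: seconds an unconfirmed triplet is remembered


@dataclass
class Greylist:
    seen: dict = field(default_factory=dict)   # triplet -> time first seen
    allowed: set = field(default_factory=set)  # triplets that have passed

    def decide(self, ip, mail_from, rcpt_to, now):
        """Return an SMTP-style verdict for one delivery attempt at time `now`."""
        key = (ip, mail_from.lower(), rcpt_to.lower())
        if key in self.allowed:
            return "250 accept"                # known-good triplet: no more delay
        first = self.seen.get(key)
        if first is None or now - first > MAX_AGE:
            self.seen[key] = now               # first sight (or stale): start the clock
            return "451 try again later"
        if now - first < MIN_DELAY:
            return "451 try again later"       # retried too soon: still deferred
        self.allowed.add(key)                  # patient, standards-following sender
        del self.seen[key]
        return "250 accept"


def simulate():
    """Constructed traffic: a real MTA that retries versus a bot that does not."""
    gl = Greylist()
    log = []
    # Legitimate mail server (constructed addresses): deferred once, retries
    # ten minutes later, accepted on the retry.
    log.append(gl.decide("192.0.2.10", "alice@example.org", "bob@example.net", 0))
    log.append(gl.decide("192.0.2.10", "alice@example.org", "bob@example.net", 600))
    # Spam bot: one attempt per source, never retries, so never sees a 250.
    for i in range(3):
        log.append(gl.decide("203.0.113.%d" % i, "x@example.com", "bob@example.net", i))
    return log
```

Every "451" costs the legitimate sender only a queued retry, while the bot has to keep state and come back later to ever get a "250", which is the economic asymmetry the episode is about.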

The forum question of the week, needing YOUR answer is here: Looking To Get Certified

Thanks for listening! If you liked the podcast, please tell a friend. If not, or you have suggestions for how to improve, please tell me: securitycatalyst@gmail.com.

 
icon for podpress  Episode 23 [21:09m]: Play Now | Play in Popup | Download

Posted in Uncategorized | Comments

Security Catalyst eGuide: Protecting Your Identity

This eGuide was co-authored with identity theft expert John Sileo (from episode 22). We wrote it with no strings attached, in response to the complete lack of information in the wake of the devastating hurricane season last year.

Since then, we have distributed literally thousands of copies of this guide to help anyone protect their identity — whether you are faced with a disaster or not. As it turns out, disasters come in all shapes and sizes, and can strike at any time. Taking the time to read this guide and protect yourself is a strong step in the right direction.

Please feel free to share this eGuide with anyone who you think will benefit from it, as a gift from John and me.

Click Here to Download the Free eGuide: Protecting Your Identity in a Disaster

Posted in Information Protection | Comments