Stories by: Jon Espenschied

+

Getting to governance 08 July, 2008 11:30

Looking over his glasses with a librarian's stare, an executive recently told me, "You IT people love the word 'governance' but it just seems too..." His voice trailed off as he searched for a way to tactfully convey his sense that "information governance" was a linguistic wedge designed to throw open the doors of board-level access for unkempt geeks and helpdesk managers. Instead of "governance," more comfortable phrases were suggested: "information policy board," "data management" or perhaps "IT steering committee."
+

Four signs your security program's gone too far 25 June, 2008 10:34

When risk is present it calls for treatment, and security is a never-ending process... right? Yes, but as a security professional, it's easy to become focused on the hard problems (download PDF) of security -- falling into the arms race for more, more, more security controls -- and lose sight of the impact of the controls themselves.
+

Five free pen-testing tools 28 May, 2008 09:04

Security assessment and deep testing don't require a big budget. Some of most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.
+

Security ahead of risk at the border 06 May, 2008 08:27

News continues to worsen for business travelers carrying sensitive information. In a troubling ruling by the Ninth US Circuit Court of Appeals, US Customs and Border Protection (CBP) can continue its practice of warrantless searches through computer data held by US citizens and foreigners alike. With no cause or suspicion, the CBP may inspect, copy or seize data devices carried by anyone returning to the US. I'm not convinced that passive compliance is the best response to this situation.
+

A spring cleaning for security 22 April, 2008 09:46

This month marks two years of "In Security." Over the past year, some of my more popular columns have dealt with data aggregation and theft, the limits of risk management, getting along with human resources, how to spot and handle rogue security staff, encroachments on personal privacy, and the humor we find in the nonsensical things we hear from security consultants and the consulted. Sometimes it's the laugh of recognition; sometimes it's the laugh right before everyone looks away nervously and changes the subject. In either case, it's worth taking a look back before considering what's next.
+

Phishing in the backyard 08 April, 2008 08:16

The best phishing e-mail I've seen recently purported to come from none other than the head of the FBI. "Robert Mueller" was offering to ensure the safety of a money transfer from a confidential third party, if only the recipient would provide her or his bank information in an official-looking form.
+

Four good reasons for Security to talk to HR 20 March, 2008 10:01

Neither information technology nor security managers fire people in most organizations. That plain reality seems to escape some in the industry, where offended security administrators declare that disabling the anti-virus program is grounds for demotion or an IT manager finding unlicensed media makes arrangements for someone to make the cardboard box commute.
+

Privacy and piracy: What are we telling the kids? 27 November, 2007 09:09

I can't find much difference between the Motion Picture Association of America (MPAA) members' business model and a band of large-scale ticket scalpers, but lately they and their music-industry cousins in the Recording Industry Association of America (RIAA) are exhibiting the collective cojones of a bank robber demanding change for the getaway car's parking meter.
+

Security and the One Laptop Per Child sensibility 13 November, 2007 10:26

If you're one of the many people itching to try out a certain funny-looking green portable computer, your moment is at hand. The One Laptop per Child project's OLPC XO device went on sale to the general public on November 12 at 6 a.m. ET -- albeit only for those who want to make a "buy two, donate one" deal in the process and only for a couple of weeks.
+

Ghosts in the machine, spooks on the wire 30 October, 2007 10:43

On the Internet, there's always a ghost in the room -- watching you, listening, recording your activities and interests, aggregating profiles or categorizing you, and whispering secrets and lies about you to others again and again.
+

The DMZ's not dead 17 October, 2007 10:38

When the "Exchange Ranger" came for a visit at a client site, his advice set the ball rolling for a much-needed upgrade from Exchange Server 2000.