Stories by Mathias Thurman

Security Manager's Journal: Stopping vendors from making us a Target

Thank you, Target! It's a pity that security managers have to capitalize on other organizations' misfortunes to broker change within their own enterprises, but the notorious Target breach of late last year just might get me some things I think my company has needed.

Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.

As a security manager, I expect my company to be hit by malware infestations, data theft, denial-of-service attacks and attempts at unauthorized access. I deal with them all as they arise, and they do keep things interesting.

Security Manager's Journal: Another step toward eliminating data loss

Implementing technology to monitor user and network activity can be an eye-opener.

Security Manager's Journal: Siccing MDM on personal mobile devices

We looked into mobile device management (MDM) in 2012, but the time didn't seem right. Now, some 18 months later, things have changed, and MDM is looking more like a good fit for us.

Security Manager's Journal: An admin surfing on a server? That's a big no-no

Security incidents are a complete disruption of my normal day-to-day activities. I love them. I especially like it when they uncover systemic problems we might not otherwise have found out about. We had one of those this week.

Security Manager's Journal: Time to tweak the security policies

Every fall, I conduct a policy review. I think it's a good idea to have this on my calendar, because no policy, no matter how well crafted, is meant to last for all time. New standards arise and old ones are modified, making some policies deficient. Or a security incident, an audit or some business reality that was previously unacknowledged emerges to demonstrate how a policy falls short.

Security Manager's Journal: Found: 30 unmanaged servers that shouldn't be

We just found 30 servers that can't be accounted for. Thirty Internet-facing servers with no malware protection and patchy patch histories. I need to take a deep breath and figure out just how bad this is and what we can do to stop this sort of thing from happening again.

Security Manager's Journal: The ins and outs of extending DLP

I love DLP! That's not a statement that would sell a chief financial officer on data leak prevention, but I can show real ROI from our deployment as well.

Security Manager's Journal: Move to hosted email opens new vulnerabilities

I took somebody's word for something, and I didn't subsequently check it out to my own satisfaction. Result: big trouble. Lesson: always verify.

Security Manager's Journal: Two big goals for 2014 budget won't require a lot of money

It's budget season, which means I get to create a wish list of security goodies I'd like to buy.

Security Manager's Journal: Suddenly, our firewall audit can't wait

After a DDoS attack was discovered by chance, 'later this year' is too long to wait.

Security Manager's Journal: Acquisitions need early security review

Maybe I'm an oddball, but I like the action that surrounds a merger or acquisition. I guess I need a little unplanned activity every now and then to distract me from my day-to-day tasks. Whatever the reason, I was excited to hear that my company would be acquiring a small company. It had been years since we had done anything like that.

Security Manager's Journal: NAC deployment means better access control at last

The deployment has already revealed a whole lot of devices that don't meet the criteria for getting on the corporate network.

Security Manager's Journal: Plans and processes are made to be revised

The company's incident-response plan needs to be updated. That's normal -- no plan is carved in stone.

Security Manager's Journal: A little housecleaning

Our manager finds the time and opportunity to cross a few nagging items off of his to-do list.

Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia