August 30, 2006 - #106

Good Morning:
Another day, another privacy breach. Looks like some hackers got into AT&T's online store (here [1]). That will teach you to by crappy OEM phone equipment online. They didn't mention Cingular, so I'm assuming the breach didn't hit the wireless company and it was "only" 19,000 names. Stay tuned, I'm sure we'll be hearing about a lot more incompetence as more details of the breach are discovered.

In security-land, it seems today's theme is data security. Between Network Computing's spread on protecting data (here [1]) and Karn making the case for encrypting data at rest (here [1]), this is a topic that will be getting a lot more discussion in the near term. I also want to point out the need for both technical and management/selling skills to thrive as a CSO today (here [1]). It's not an either-or type of discussion. If you can't get funding and sell the value of security to the C-suite, then technical skills aren't going to help much. Likewise, all the money in the world cannot fix faulty configurations, ineffective policies, and poor execution. So the answer is both.

I also have to point out a milestone for Security Incite. I've been photoshopped for the first time. An enterprising reader with unparalleled graphics skills stuck the collective heads of myself, Chris Hoff, and Richard Stiennon on a classic BeeGee's picture (here [1]). It's really a classic and very funny. So thanks to whoever took the time to do that. It really lightened up my day. I'm also happy to announce that Rich Lamberti was the first (and only) reader to get yesterday's trivia question, which was of course - the Theme song from Beretta. Don't do the crime, if you can't do the time. Rich, you are the proud winner of basically nothing - except the accolades of your fellow TDI readers.

Have a great day.

Technorati: Information Security [2]

Top Security News

http://www.csoonline.com/read/070106/record-retention.html [3]
Link to this [3]

http://www.informationweek.com/story/showArticle.jhtml?articleID=192300841 [4]
Link to this [4]

http://www.3com.com/corpinfo/en_US/pressbox/press_release.jsp?INFO_ID=246648 [5]
Link to this [5]

http://www.vilabs.com/press/PR-82906-piracy.aspx [6]
Link to this [6]

http://www.networkworld.com/columnists/2006/082806snyder.html [7]
Link to this [7]

Top Blog Postings

http://riskmanagementinsight.com/riskanalysis/?p=16 [8]
Link to this [8]

http://taosecurity.blogspot.com/2006/08/again-external-threat-is-more.html [9]
Link to this [9]

http://www.computerworld.com/blogs/node/3338
[10]Link to this [10]

http://security-guru.blogspot.com/2006/08/dear-bankers-your-vault-is-not-safe.html [11]
Link to this [11]

http://securityincite.com/blog/mike-rothman/blogging-for-the-babes [11]

How not to hype a new CEO
I pretty much came unglued yesterday when reading a press release about Tablus' new CEO. It's not about her or her capabilities, but how PR folks practice revisionist history and figure that no one will call them on it. Well, I called them out because I don't understand how anyone can say MailFrontier (the new CEO's old stomping ground) was a market leader or had worldwide brand recognition. So I vented and now I feel better.
http://securityincite.com/blog/mike-rothman/how-not-to-hype-a-new-ceo [11]

Read yesterday's Daily Incite
http://securityincite.com/TDI-2006-08-29 [11]