
Recent Security Manager's Journals

Security Manager's Journal: You Can't Secure Every Home
By chance, our manager discovers that unauthorized network access from remote PCs at employees' homes and elsewhere has been widespread.

Security Manager's Journal: BYOD Planning Gets a Boost
A virtual desktop infrastructure will be the security key to reaching the CIO's goal of allowing personal devices on the corporate network.

A Rush to Judgment on DLP
Our manager has just gotten funding for data leak prevention added to his current budget. But that budget expires in a few weeks.

Sensitive Data, in the Wild
It isn't easy to stop your employees from posting things they shouldn't on social media and file-sharing sites.

Security Manager's Journal: Why would a company not spring for Cadillac security?
Too many corporate decision-makers think it's wise to shore up only the most glaring security weaknesses. But attackers will always be able to find the weaknesses you decided you could live with.

Spending a $10K Windfall Wisely
When you're suddenly offered an unexpected sum to spend on security quickly, you say yes first and figure out how to invest it later.

Security Manager's Journal: Sometimes even managers get their hands dirty
When you have a skeleton crew but a long list of things that need to get done, it just makes sense to do them yourself.

Getting the Most Out of SIEM
The CIO isn't convinced about the value to be derived from investing in a security information and event management (SIEM) tool. Time to think outside of the box.

Security Manager's Journal: The bad guys are in the house
New IDS detects something horrifying.

Assessing the Company's Apps
A third party peers at our manager's Web-based applications and finds several problems.

Keeping the DMZ Safe
A security manager has to be vigilant about what goes into the exposed portion of the company network, and he has to make sure it's all configured correctly.

Security Manager's Journal: New economic woes lead to deep cuts
Needed security projects get the ax. Can layoffs be far behind?

Security Manager's Journal: Shrinking IT staff leaves security projects in the lurch
Newly purchased security products aren't going to deploy themselves.

The Perils of Enterprise Search
First and foremost, you have to make sure you don't compromise the principle of least privilege: a search index must not surface documents to users who could not open them directly.

Security Manager's Journal: Sometimes nothing gets done if you don't do it yourself
Our manager's growing IT department has a lot of new managers, and they want to oversee the actual implementation of security projects. But very little implementation is actually taking place.

Cloud Storage Gets the Ax
None of the SaaS storage vendors at this point have implemented adequate safeguards that will keep corporate data safe.

Security Manager's Journal: Not even security managers immune to FakeAV infection
This insidious malware is hard to root out, which is why it's making a lot of money for its distributors.

Tracking the ROI on SIEM
The company's limited deployment of a security information and event management tool is paying off. But now it's time to convince the CIO and CFO that the payoff is real.

When Email Gets Hacked
An executive's webmail account is compromised, and it contains plain-text passwords for corporate apps.

Security Manager's Journal: Software security comes down to checking inputs
Our manager is surprised how little his company's developers know about making their software safer.

Keeping Our Code Safe
Our manager's company has shockingly little oversight on the security of software code written for it by third parties.

Security Manager's Journal: Helping out the in-house developers
They're working on a Web-based service and want to build in the authentication capability. But why not just use Active Directory?

Developing a Metrics System
Quarterly reports to the CIO will keep him aware of risks in the environment, and hopefully will reduce those risks.

Firming Up Firewall Protection
Our manager's company is trying out the latest generation of firewalls, which offer some exciting possibilities.

Security Manager's Journal: Security that doesn't get in the way
The RSA conference and Disneyland both demonstrate ways that it can be done.

Getting a Handle on Our Data
Improved data handling should be an easy win for our manager, who is especially excited about the opportunity to better protect his employer's intellectual property.

Dangers Under the Rocks
A security manager in a new job is like a gardener assessing the threats that lie below the rocks.

Security Manager's Journal: SOX giveth as well as taketh away
The Sarbanes-Oxley Act is a costly compliance nightmare, but it can help a security manager get what he needs sometimes.

Stopping Stupid Human Tricks
Widespread use of SaaS apps at our manager's new company makes it essential to raise employees' awareness of security risks.

Security Manager's Journal: Coming through for the business
Our manager finds a way to enable iPhones and Android devices to be used on the corporate network.

Buried in SIEM Configuration
The first rule in deploying a security information and event management (SIEM) tool: Don't make assumptions.

Tightening Up SaaS Security
Our manager's new company uses more than 30 SaaS apps, a situation that opens many doors to potential data compromise.

Security Manager's Journal: Assessing the plan for the new year
Our manager ends his first year at his new company ahead of the strategic plan, but challenges always await.

Heading for the Clouds
Our manager wanted a new challenge. His new job at a company that is offering software as a service fills the bill.

Spying, or Something Innocent?
When a log indicates that two high-level executives logged into a tool that they shouldn't mess with, it's time to investigate.

Keeping Things Simple for NAC
The first step toward deployment of network access control is to set up a network segmentation model.

Looking Gift iPads in the Mouth
Our manager's company celebrates stellar earnings with free iPads for everybody, but can all those personal devices be allowed on the network?

Incident Shows IP Still at Risk
Event management software could help, but it's expensive and resource-hungry.

Offshoring: What Can Go?
Our security manager is willing to outsource some things, but others are simply out of the question.

E-mail Shortcut Sounds Alarm
A look at the company's intranet chat board leads to the discovery that employees are getting around the VPN.

Security Manager's Journal: The need for real security in a virtual world
Virtualization, cloud computing and SaaS all carry their own security challenges.

It All Comes Down to Patching
You may have an extremely sophisticated security program in place, but it's all for naught without patch management.

Virtual PCs Need Real Security
The CEO thinks a virtual desktop environment will lessen the burden of PC support costs. But how will it affect security?

iPad Intro Brings a Nasty Surprise
Our manager's company hasn't bought any iPads. So, why are so many of them suddenly on the network?

Security Manager's Journal: Two new rollouts boost security of all company laptops
For the first time, every PC in the company is getting regular backups, and all the data on those laptops is now encrypted.

Initiative Crashes Into Security
The security manager misses one meeting, and all of a sudden the company's intellectual property is about to be put at risk.

Security Manager's Journal: Zero days to infect, but a day and a half to fix
New security policies are moving along smoothly, but a zero-day vulnerability takes a toll.

BYOPC Won't Be a Party for Security
If all employees start using their own PCs at work, security issues could proliferate.

Just Watching Is No Longer Enough
It may be time to supplement the monitoring of the network with endpoint security.

Security Manager's Journal: How do you get funding for security initiatives?
Executives want their security managers to keep the company's data secure, but they don't always want to pay for that.

Delivering a Message to Asia
A trip to China and India is an opportunity to rally the troops on security matters.

Latest Malware Is a Call to Action
Practice tempers panic. But the Google 'Operation Aurora' malware required a few extra precautions.

Security Manager's Journal: Sometimes, you just have to do it
Laying the groundwork is important, but don't neglect to get on with the actual job.

M&A Prep All Goes According to Plan
Good news for security managers: Not everything we do has to involve disaster.

Security Manager's Journal: Conficker worm just keeps on coming

Security Manager's Journal Archives

Not all patches are created equal  12.21.09

A fresh start at a company that gets security  12.02.09

Better Security for Not Quite All  11.02.09

IP Protection May Get Money It Needs  10.05.09

Security Left Out of Another Decision  09.21.09

It Takes a Crisis to Change a Policy  09.07.09

Security Is Late to the Offshore Party  09.07.09

Woes Hang Up New Phone Policy  08.24.09

The Case of the Impossible Address  08.10.09

Data Retention Is A Policy Challenge  07.27.09

We've Been Blind to Attacks on Our Sites  06.22.09

So Far, the Cloud Seems Too Leaky  06.01.09

You Want to Put What on the Web?  05.18.09

Parting the Clouds at the RSA Conference  05.11.09

In the Trenches, as the Threats Evolve  05.04.09

Attention to Conficker Appears to Pay Off  04.27.09

Streamlining Project Approvals  04.13.09

A Rougher Week Than Usual for Security Chief  04.06.09

Layoffs Put Security on the Back Burner  03.16.09

Location a Small Detail In Security World  03.09.09

The Economy Takes a Toll on Security  03.02.09

Let's Be Reasonable, And Save Money, Too  02.23.09

Another Delay, Another Black Eye for Security  02.16.09

Some Incidents Can Make Life Interesting  02.02.09

Exploring Disaster Recovery Options  01.26.09

Eyeing Risks While Cutting Spending  01.19.09

Budget Ax Falls on Disaster Recovery  01.12.09

Massive Layoff Is a Security Issue  12.22.08

A security wish list for fiscal 2009  12.15.08

When Is a Patch Not Really a Patch?  12.01.08

Progress at Last, and a New Priority  11.17.08

Getting It All 'Virtually' Right  11.03.08

Looking for the Silver Lining  10.20.08

Making the Most of Time Between Trips  09.29.08

A Major Project Slips Through the Cracks  09.22.08

A Major Project Slips Through the Cracks  09.15.08

Building a Security Org From Scratch  09.08.08

Taking on the DNS Flaw From the Road  08.25.08

If I Were in Charge of the World  08.11.08

A Security Roundup In 20 Minutes Flat  08.04.08

Switching Gears, and Looking Back  07.28.08

For Once, Some Incontestable ROI  07.21.08

Shoveling Sand Against the Tide  07.14.08

Seeking Dollars for Scholars  06.23.08

Discovering Tricks of E-discovery  06.16.08

You Have to Be Reasonable  05.19.08

Getting the Best From an Audit  05.12.08

Framing an Acquisition  05.05.08

When Taking Time Off Is No Vacation  04.28.08

Enough of Being the Bad Guy  04.21.08

Confronting the Application Layer  04.07.08

License Renewal Offers Opportunity  03.17.08

Security Thoughts on Consolidation  03.10.08

Metrics as Tools of Persuasion  03.03.08

A Chance to Hire Causes Some Angst  02.25.08

Never Too Soon to Think Security  02.11.08

Potentially, Relief From Adminisdribble  02.04.08

A Wimpy Worm Tests Response  01.28.08

Planning a Recovery That Isn't a Disaster  01.21.08

An Audit Can Be An Opportunity  01.14.08

Budget Cuts Call For New Priorities  01.07.08

Backing Up on Autoforward  12.17.07

Data Retention Gets a Second Look  11.26.07

A Tough Time to Lose a Staffer  11.19.07

New Tool Pays for Itself Within Days  11.05.07

Security Issues Are Everywhere  10.29.07

Indian Audit Comes With a Silver Lining  10.22.07

If Ever We Step Into the Breach  10.15.07

Did Someone Say 'Extra Money'?  10.01.07

Customer Service Meets Infosec  09.24.07

Road Map Meeting Goes Sideways  09.10.07

Security Crashes Into Productivity  08.27.07

From Russia, With Concern  08.13.07

Ask for Blind Faith and Get Blindsided  08.06.07

Taking a Trip To Policy Hell  07.30.07

Proud C.J. Keeps on Working  07.23.07

Getting the Word Out About DRM  07.16.07

A Funny Thing Happened On the Way to...  06.25.07

Drawn to Vegas by Virtualization  06.11.07

Sometimes, You Just Can't Avoid Politics  06.04.07

Compromise DRM Better Than None  05.28.07

Flood of Virus Alerts Is a Test of...  05.21.07

When Offshoring Comes to Infosec  05.07.07

Filling the Gaps in Application Security  04.30.07

Be Careful What You Ask For ...  04.23.07

Buried Alive by Work, Getting Little Done  04.16.07

Time Isn't Always On Our Side in IT  04.02.07

Doing the Right Thing for Security's Sake  03.26.07

When a Go-to Guy Takes a Vacation  03.12.07

Looking Into What We Can Look Into  03.05.07

Getting the NAC Of Things at RSA  02.26.07

Being Smart About Smart Phones  02.12.07

Another Impetus For IP Protection  02.05.07

Getting Certified and Just a Bit Certifiable  01.29.07

Net Integration Gets Green Light  01.22.07

Laying a New Year's Course for Security  01.15.07

Plugging Holes in Antivirus Shield  12.18.06

Stopping Data From Flying Off to Google  12.04.06

Putting the Brakes on Net Integration  11.27.06

Can a Manager Be a Techie and Survive?  11.20.06

Tackling Security for Mobile CRM  11.13.06

Sometimes a Light Bulb Just Turns On  11.06.06

Enterprise DRM Back to the Fore  10.23.06

Awareness Trumps New Security Toys  10.09.06

Measuring the Value of Metrics  10.02.06

Cutting Through the Fog of Security Data  09.25.06

New Wrinkle in PLM Security Controls  09.11.06

The Auditors Are Coming, but Not Yet  09.04.06

Soaking It All Up at the Black Hat Conference  08.28.06

I Want to Rule the World -- or Run Away From It  08.14.06

Alleged IP Theft Opens Door to Better Security  08.07.06

No Data Left Behind: Dealing With Disposal  07.31.06

Even a Manager's Tech Skills Need Sharpening  07.10.06

No Rush to Give Russian Engineers Net Access  07.03.06

You Can Never Be Too Thin or Too Secure  06.26.06

IP Telephony Push Calls For Rushed Assessment  06.12.06

Saying You're Wrong Can Feel So Right  06.05.06

To Manage the Smart Guys, Set Them Free  05.22.06

Offshore Security Is Out Of Sight, Not Out of Mind  05.08.06

Of Laptops, Caffeine, Nicotine and Chocolate  05.01.06

These Rules Will Keep Users in Their Place  04.24.06

Securing Data When Data Is Everywhere  04.10.06

Using Data We Have to Improve Data We Get  04.03.06

Expecting All-in-One Security Headaches  03.20.06

LDAP Syncing Project Won't Be a Trivial Task  03.13.06

Job Interview Raises Plenty of Questions  03.06.06

Zero-Day Infection Is Headed Off Efficiently  02.27.06

Breached! A Security Manager's Nightmare  02.13.06

Implementing Change Is Never Plug-and-Play  02.06.06

I'll Make Do With My Not-So-Virtual World  01.30.06

WMF Vulnerability Sparks Patch Program  01.23.06

No Rest for Weary Security Manager  01.16.06

U.S. Customs Becomes Latest Security Issue  01.09.06

Rising to a Higher Standard Isn't Easy  12.19.05

Deciphering Options for Laptop Encryption  12.05.05

Open-source to the Rescue Again  11.28.05

An Imaginary DoS Attack Uncovered  11.21.05

How to Get a Job in the Infosec Field  11.07.05

Making the Move From IDS to IPS  10.31.05

Bottom-Up Infosec Trumps Top-Down  10.24.05

PLM Review Needs Security Attention  10.17.05

Quality of Life Influences Decision to Stay Put  10.10.05

Playing Nice With Physical Security  10.03.05

Compliance Focus Leads to Experiment in Cheap Films  09.26.05

Starting Over, With Intrusion Detection  09.05.05

Peers Say Cisco Ended Up Wearing the Black Hat  08.29.05

Intellectual Property Is Focus at New Job  08.22.05

Dealing With an ISO Who's Only So-So  08.08.05

User's End Run Around VPN Leads to New Push  08.01.05

Getting Started on Database Security  07.25.05

IDS Pays Off, Even if There's No Hacking  07.11.05

Eyeing an Opening for Open-Source  07.04.05

Lull in Action Is Time to Tie Up Loose Ends  06.13.05

A DIY Project for Network Security  06.06.05

More Than a Token Overhaul of the VPN  05.30.05

Protecting Consumer Data on the Cheap  05.23.05

Protecting the Crown Jewels  05.09.05

The Cost of Securing the People's Privacy  05.02.05

Firewall Request Gets Third Degree  04.25.05

HIPAA Compliance In 30 Days or Less  04.11.05

Downtime Becomes Documentation Time  04.04.05

Hi-Yo, Silver! Away With Lone Rangers  03.28.05

Security Conference Leads to New Initiative  03.14.05

Finding My Way in the Bureaucracy  03.07.05

Assessing a New App Infrastructure  02.28.05

Disaster Recovery Planned on the Fly  02.14.05

Keeping Wireless Rogues in Check  02.07.05

A Detour Into the Streaming Media  01.31.05

Hollywood Legal Threat Leads to Detective Work  01.24.05

Enough! I Quit!  01.10.05

SecurID Rollout Calls for Planning  12.13.04

The Password Is: Useless (Probably)  12.06.04

VPN Evolution Progressing to SSL  11.29.04

Network Visibility Goal Gets Trimmed  11.22.04

Taking the Leap to PEAP for Wireless  11.08.04

Lack of Control Becomes Nightmare  11.01.04

Sarb-Ox Project Following Script  10.25.04

Expanding Responsibility for Incident Response  10.04.04

IP Telephony Changes Security Equation  09.27.04

Secure E-mail Stops at Corporate Borders  09.06.04

Company Secrets Hit the Exits  08.30.04

Antivirus Service Troubled by TLS  08.23.04

Merger Interrupts Sarb-Ox Project  08.09.04

Singing the TLS Protocol Blues  08.02.04

FTP Server Offers Illicit Goods  07.26.04

Four Steps to a Secure Budget  07.12.04

Spyware Gets Top Billing  07.05.04

Wireless Hackers Leave No Tracks  06.07.04

Worm Lays Waste To IT's Defenses  05.31.04

Security Team Practices Theft by Delusion  05.24.04

Security Policy a Paper Tiger  05.10.04

Back Door Puts Vendor on Hot Seat  05.03.04

Failure to Communicate Dooms IDS Alert Process  04.26.04

Building a Defense Against Complaints  04.12.04

Cheap Scanning Comes at a Price  04.05.04

Reeling in the Security Recruits  03.29.04

Security Tools Search Falls Short  03.22.04

This Is Your Attacker Calling  03.08.04

Overwhelmed by Sarbanes-Oxley  03.01.04

E-mail Gateway Works Too Well  02.23.04

Postmerger Audit Quashes Trust Idea  02.09.04

Developer Tool Kit Raises Backdoor Alarms  02.02.04

Stepping Up to Sarbanes-Oxley  01.26.04

Priority Scheme Aids Prevention Efforts  01.12.04

Snort Enhancements Suppress IDS Headaches  12.22.03

Good Firewalls Make Good Neighbors  12.15.03

Single Sign-on Effort Falls Short  12.08.03

Bad Policy Makes for Weak Passwords  12.01.03

Security Policies? What Security Policies?  11.24.03

SSL Broadens VPN Access  11.10.03

Rogue Access Point Leads to Embarrassment  11.03.03

Hidden Vulnerability Dogs VPN Project  10.27.03

Child Porn Gets by Filters; Feds Follow  10.20.03

New Job Brings Back Old Problems  10.13.03

Mop-up Continues in Worm Aftermath  10.06.03

Layered Defense Falls to Worm Attack  09.29.03

Corporate Network Blasted From Abroad  09.08.03

New Spam Policy: Return to Sender  09.01.03

Knowledge Base Boosts IT Reports  08.25.03

Faulty Rules Foul Router Protection  08.18.03

No Denying New Switch Vulnerability  08.11.03

Data Center IDS Project a Nonstarter  08.04.03

Rogue Linux Installs on the Rise  07.28.03

Arrogance Undermines Best Antivirus Defense  07.21.03

Security Manager's Journal: Mumu Worm Makes a Mess  07.07.03

Corporation Caught In the Cross Hairs  06.30.03

IT Security Confronts New Legal Liabilities  06.23.03

Corporate Security Sweep Uncovers Token Violations  06.16.03

Single Sign-on Stalls as Kazaa Gets the Boot  06.02.03

Security Log  06.02.03

Office Politics Plays Role in Postmerger Security  05.26.03

Reserve Call-up Hits IT Security Department  05.12.03

Merger Security Hinges on Gateway Appliance  04.28.03

The Battle Against Pornography Continues  04.21.03

Directory Glitch Trips Authentication Efforts  04.07.03

Porn Policy Collars a Million-Dollar Customer  03.31.03

Insecure Servers Suffer Image Problem  03.24.03

When Bad Things Happen to Good Demos  03.10.03

Escape From SQL Hell  03.03.03

Corporate Addition Means Reduction in IT Security  02.24.03

FTP Server Offers Key to the Store  02.10.03

Missing PKI Root Key Causes a Panic Attack  02.03.03

Security Problems Put Survey App on Sidelines  01.27.03

Spam Issue Viewed As IT Security Failure  01.13.03

Government Subpoena Sidelines PKI Project  12.23.02

Planning for a Metro-Area Armageddon  12.09.02

WLAN Chase Reaches Endgame  12.02.02

Certificate Distribution Proves a Vexing Problem  11.25.02

Stalking Elusive Access Points  11.11.02

Experts Stumble on PKI Security Project  11.04.02

Merger Blows Out Security Walls  10.28.02

The Security Manager's Road to Perdition  10.14.02

WLAN Wars III: Attack of the Rogues  10.07.02

Attack on Feds: It Came From Within  09.23.02

Starting Over With WLAN Security  09.09.02

No Good Policy Should Go Unbroken  09.02.02

Rogue Nodes Routed as Security Recruits Hired  08.26.02

People Form Weak Link In Transaction Security  08.12.02

Getting Down and Dirty With Intrusion-Detection Systems  08.05.02

Corporate Security Rules Rocked as MP3 Files Roll  07.29.02

Recruiting Effort Draws 'Articulate Incompetents'  07.22.02

Marketing Hijacks Remote Access Initiative  07.08.02

Staff Resignations Put Security Ops in Triage  07.01.02

The Naked Truth About Porn Surfers  06.24.02

Enterprise Application Goes Through Wringer  06.10.02

Cost-Effective Remote Access Proves Elusive  06.03.02

Wireless LAN Install Leaves Corporate Net Wide Open  05.27.02

Company Becomes Culprit In Ongoing Spam Attacks  05.13.02

Proxy Server Serves to Block Porn-Surfing Slackers  04.29.02

Database Wipeout Turns Into Unsolved Mystery  04.22.02

Suspected Code Theft Creates a Forensic Furor  04.08.02

Certification Value More Political Than Practical  04.01.02

Management Software Hits Integration Snag  03.25.02

SNMP Vulnerability Offers 3,200 Reasons to Worry  03.11.02

Authentication Rollout Turns Into Control Issue  03.04.02

The Strange Case of The Phantom Intruder  02.25.02

What Do You Do When You're Nipped by Nimda?  02.11.02

Getting Security Priorities Straight in the New Year  02.04.02

User Indifference Thwarts Electronic Signature Effort  01.14.02

Vulnerability Draws Yawn From Operations  01.07.02