Security Manager's Journal: Two big goals for 2014 budget won't require a lot of money
It's budget season, which means I get to create a wish list of security goodies I'd like to buy.
Mathias Thurman | 09 Sep | Read more
It's budget season, which means I get to create a wish list of security goodies I'd like to buy.
Mathias Thurman | 09 Sep | Read more
After a DDoS attack was discovered by chance, 'later this year' is too long to wait.
Mathias Thurman | 15 Jul | Read more
Maybe I'm an oddball, but I like the action that surrounds a merger or acquisition. I guess I need a little unplanned activity every now and then to distract me from my day-to-day tasks. Whatever the reason, I was excited to hear that my company would be acquiring a small company. It had been years since we had done anything like that.
Mathias Thurman | 03 Jun | Read more
The deployment has already revealed a whole lot of devices that don't meet the criteria for getting on the corporate network.
Mathias Thurman | 20 May | Read more
The company's incident-response plan needs to be updated. That's normal -- no plan is carved in stone.
Mathias Thurman | 06 May | Read more
Our manager finds the time and opportunity to cross a few nagging items off of his to-do list.
Mathias Thurman | 22 Apr | Read more
It's a great thing when a security manager doesn't have to go into battle mode every time a new corporate initiative emerges. When other departments show signs that they aren't putting security last, I can relax a bit. But just a little bit. Even in those cases, I want to have input.
Mathias Thurman | 25 Mar | Read more
Out of the blue, phishing attacks previously caught in the spam filter are getting through to employee inboxes.
Mathias Thurman | 11 Mar | Read more
Our manager's data loss prevention tool flags some incriminating keywords that lead to discovery of a possible criminal conspiracy.
Mathias Thurman | 11 Feb | Read more
An encryption initiative runs into the law of unintended consequences, since the legal department can't search encrypted emails for e-discovery purposes.
Mathias Thurman | 14 Jan | Read more
Some call it "shadow IT," but I am among those who call it "rogue IT." Both terms refer to information technology that has made its way into an organization without proper approval.
Mathias Thurman | 03 Dec | Read more
Is everything a potential security vulnerability? Is there nothing that a security manager shouldn't look at with suspicion?
Mathias Thurman | 19 Nov | Read more
An assessment of the information security department shows that it has a lot of growing up to do yet.
Mathias Thurman | 05 Nov | Read more
When a security manager's company sells software, he can't ignore the potential vulnerability of those products.
Mathias Thurman | 22 Oct | Read more
Our manager has some cleaning up to do after a third party's penetration testing uncovers some disturbing findings.
Mathias Thurman | 08 Oct | Read more