Is my IT department spying on me?

There’ve been some stories floating around about how to make your IT department spy on you. The advice is good. The question you may be asking is how much does your IT department really know? Or, more directly, is my IT department spying on me?

I can’t answer the second question with certainty. But the answer to the first question is a lot. I’ll tell you a story.

Another reason to block fonts at the proxy

Last week Apple released a bunch of patches up and down its product line. One of the vulnerabilities it fixed in OS X was in its font parser.

In the past you could mitigate vulnerabilities like this by only installing fonts from trusted sources, but since it’s now possible for web pages to transmit fonts along with other content, there’s a limitless number of untrusted fonts out there in the world.

It may take a while for all of the major operating systems to shake out all of the problems in their font subsystems, which is why I’ve recommended filtering fonts at the proxy.

How to rebuild a PC in a hurry

Sometimes rebuilding a PC is faster than trying to fix it, and if you’re dealing with a virus infection, it’s better to rebuild than try to clean. It’s impossible to know if the system is 100% clean after infection–unless you rebuild.

If you’re the family CIO, here’s how you can go about rebuilding a Windows PC in a hurry.

How to measure the effectiveness of a security program

On a recent episode of Down the Rabbit Hole, Rafal Los and James Jardine asked CISO-turned-CIO Joe Riesberg how he measures the effectiveness of a security program. He came up with five things, which are pretty much how we measure our effectiveness where I work too. That’s a pretty good indicator.

What I did for Mother’s Day

Last month, Rapid7’s Trey Ford appealed to security professionals:

You have an opportunity to be an ambassador. When you see XP out there, have an adult conversation, educate in terms that others will appreciate. Your actions and words reflect on the entire community.

As the family CIO/CSO – look for the smart investment. There are options that will make your life easier. A small investment is a lot easier to stomach than compromised shopping/banking/credit card credentials (or identity theft.)

The publicity around security is a good thing

On one of the podcasts I listen to, two of the hosts questioned whether the publicity around recent security vulnerabilities is a good thing.

As a security professional who once studied journalism, I think it’s a very good thing, and it’s going to get better. I liken it to the rise of computer virus awareness.

The Phoenix Project: A must-read book for anyone who aspires to IT leadership

After a bad day at work last week, I went home and ordered The Phoenix Project (or here it is on Amazon), started reading it, and felt better. It’s like Office Space, but there’s more to learn from it.

Phoenix is more realistic. Every problem from every shop I’ve ever worked in is in that shop, plus some I’ve (luckily) only heard about. But unlike Office Space, it has solutions beyond burning the building down.

The old days of viruses

Blogging pioneer John Dominik, inspired by my Michelangelo memories, wrote about his memories of viruses later in the decade. So now I’ll take inspiration from him and share my memories of some of those viruses. I searched my archives, and at the time it was going on, I didn’t write a lot. I was tired and angry, as you can tell from the terse posts I did write.

The tyranny of consumerization is real

Computerworld cites the iPad 2 and increasing demand by end users to use such consumer devices in corporate environments as “The tyranny of consumerization.”

This has happened before. And if history repeats itself, the future will be better than today, but the road there is going to involve some pain.

4 more questions about RAID

Longtime reader Jim asked me a few more worthwhile questions while I was procrastinating working on yesterday’s post about RAID. Let’s go to Q&A format.