Tuesday, May 7, 2013

New Security Awareness Video: Learn about Cloud Security

SANS just posted a new video that is aimed at educating your workforce on "the cloud" and how they should interact with and secure data that is kept with cloud service providers, whether they're a cloud storage, application or are providing other services.

I think it did a pretty good job in layman's terms, for business users, of explaining what "cloud" is and how to think about managing access for cloud services.

The video is here: http://www.securingthehuman.org/resources/ncsam

Friday, May 3, 2013

"Thinking Long Term can be Short Sighted"

I've been on a kick lately about getting the fundamentals down pat before people should devote significant time to advanced thinking and processes. I admit that it is very tactical, which most people don't think is that sexy. The problem is that if we only focus on the sexy, new advanced things, we lose sight of getting the bread-n-butter security things done. The things that provide 80% of the value of the team to the organization. Things like effective security monitoring, application security risk assessments and compliance programs. These things need to be solid before we can get into things that may provide value, but they're incremental improvements, not wholesale capabilities.

LinkedIn: Thinking Long Term Can be Short Sighted

Image credit: msittig, http://www.flickr.com/photos/msittig/2513955691/, cc