what we’re reading, week of 4/27

From around the blogosphere…
With the Swine Flu outbreak spreading companies may have to send employees home, and have them work remotely. If these companies do not have a telework plan in place, employees will not be able to work as normal causing much trouble for these companies. Here are three articles which discuss companies’ plans for such a pandemic.

Zero Day | ZDNet
Reviewing your pandemic plans has just become job #1
Larry Dignan, guest contributor, states that many companies are implementing plans which allows staff to continue working if business offices are forced to shut down. Larry makes the recommendation of checking VPN services—make sure there are enough licenses for all users.

Network World
Swine flu scare shines spotlight on telework
Denise Dubie interviews Chuck Wilsker, president and CEO of the Telework Coalition in Washington, D.C.. In this podcast Chuck explains that businesses shouldn’t wait for an epidemic or even other emergency to establish a telework program.

Forrester Research | ZD Net
Swine flu? What it means for IT professionals
Stephanie Balaouras, Principal Analyst with Forrester Research, explains that companies need to realize current conditions and take measures to protect and continue operations. Employees ought to have access to their applications, data, and communication to remain productive. In survey conducted—what is or will be your workforce continuity / workforce recovery strategy? – 86% answered remote access technologies (i.e. VPN solutions).

CIO…
Network Access Control: Still Hard to Deploy, Users Say
NAC has continued to be on the security scenes for nearly five years now, and no significant solution has been developed. Neal Weinberg discusses the issues and challenges NAC continues to face.

On the ground at RSA 2009

We’ve had some great conversations so far at this year’s RSA Conference. While attendance at the show is down (as has been widely discussed across the web), foot traffic in our area has seen a large increase. Stoppers-by have been equally interested in discussing both the client- and management sides of endpoint security.

In the past three days we’ve enjoyed briefings with Frost & Sullivan, Redmond Magazine, Burton Group, IDC, FactPoint group, 451 Group and Infosecurity Magazine. Looking forward to sharing reflections from each of these conversations in the coming weeks.

what we’re reading, week of 4/20

From around the blogosphere…
Within the last week, much has happened on the West coast during the RSA conference. Our Simon Ford, Rene Poot and Jochen Gundelfinger all went to RSA and represented NCP. Let’s not waste any time and jump right in to RSA’s highlights.

Network Security Blog
Security Bloggers Meetup 2009
Martin McKeay announces the winners of the Social Security Awards—PaulDotCom– Best Podcast Award; SANS Internet Storm Center– Best Technical Blog Award; TaoSecurity Blog– Best Non-Technical Blog Award; Sunbelt Security– Best Corporate Blog Award; Security Incite– Most Entertaining blog.

Emergent Chaos
Security is about outcomes, not about process
Adam Shostack argues Bruce Schneier’s quote, “Security is a process, not a product,” is only partly right. Adam states, “Security is about outcomes, and our perceptions, beliefs and assurance about those outcomes.” To advance the industry one must focus on the outcomes, and not the processes.

The Tech Herald
Live! RSA Conference 2009
Steve Ragan captures the RSA conference moment by moment with descriptions of keynotes, meetings and photos of the event. (Please note, the link is for the 1st day, go to the security tab for the list)

what we’re reading, week of 4/13

From RSA Conference| Security Blogger Meetup…
Yes, Virginia, there is a security community on Twitter
Jennifer Leggio, from ZDNet, discusses the security community boom, especially with Twitter. She also provides some helpful tips for vendors and companies. Follow us on Twitter— @VPNHaus

From Inside InfoWorld…
Will Windows 7 be panned by enterprise IT?
A recent survey done by Kace, a Systems Management Appliance company, reports that 84% of IT pros have no plans to deploy Windows 7 in the next year. Many are saying W7 is shaping up to be similar to Windows Vista—thoughts on this?

From NP-Incomplete…
85% to 95% of all e-mail is spam? Yeah, that makes sense.
Adam O’Donnell, who has recently left Zero Day|ZDNet, gives an explanation of why 9 out of every 10 e-mails is spam. Spammers want to be heard—since filters are stronger today than it was some years ago, spammers mutating their content and sending spam from more locations.

security in the educational sphere

We’ve posted before about security considerations in the classroom, and wanted to point readers toward further reading in that area.

There’s been a lot of recent publicity around a security breach that let loose personal data on 3,400 employees in the Irving School district in Dallas, TX, resulting in large-scale identity theft. From the Dallas Morning News:

District security director Pat Lamb said a woman charged in the case said the information came from a list of names pulled out of a trash bin.

“We still do not know how our records were compromised,” said Lamb, who mentioned that his own name was on the list. “We don’t know if somebody was supposed to shred that information, but it ended up in a Dumpster.”

The Dallas Morning News has also published a timeline of the breach and surrounding communication, revealing the school district’s woefully inadequate response in the immediate aftermath of the breach. This should serve as a reminder that a proper information security strategy in any organization needs to be coordinated on both a technology and procedural level.

For more on this issue, see this article in Security Magazine, featuring NCP’s Rene Poot and Marin Montessori School’s Zarko Draganic.