Archive for February, 2009
Privacy MakeOver: The Essential Guide to Best Practices: How to Protect Assets and Foster Consumer Loyalty

Privacy Makeover is a do-it-yourself guide to privacy best practices filled with practical step-by-step guidelines, checklists, procedures, and thousands of dollars worth of policy and document templates. Every enterprise (businesses, not-for-profits, schools, and local government) is subject to state, federal or industry regulations to protect sensitive information and the privacy of their customers, clients, constituents and employees. For example, the FACT Act Red Flags Rule applies to over 10 million enterprises, while the Disposal Rule applies to as many as 25 million. Author Joseph E. Campana, Ph.D., a certified privacy and identity theft risk management professional, guides you through a simple, four-step privacy best practices process with the goal of achieving the protection of safe harbor. When you reach the last page of the book, you can have a reasonable and appropriate privacy-compliance program in place with relative ease by investing a minimum of time and expense.
User Ratings and Reviews
5 Stars Great resource for small businesses
I just completed reading Privacy MakeOver. It is a great resource for small businesses that need a simple, yet holistic program to prevent privacy breaches and protect business reputation and customer loyalty. Most small IT shops at best generally focus on technical information security, leaving their organization vulnerable to breaches which are costly and highly disruptive and can even threaten its continued existence. Joseph Campana provides a do-it-yourself (DIY) manual that can save a small business tens of thousands of dollars in expense to establish a privacy breach prevention program. The average breach costs much more than that. Having a reasonable and appropriate program in place also provides somewhat of a “safe harbor” that can mitigate some regulatory and legal risks should a breach occur. The information security guides I have reviewed are too complex for small businesses and have too broad a scope. I know of no other DIY manual for small businesses and highly recommend this book. It even offers a companion website with access to additional information.
I.T. Wars: Managing the Business-Technology Weave in the New Millennium

I.T. Wars provides a clear path to the proper alignment of technology and business, achieving the best results and ongoing returns. The true challenge is in bringing diverse groups of people together from the business and technical realms to define needs and truly deliver solutions. The Business-Technology Weave is an approach that turns everyone and everything into a responsible forward edge. It includes considerations of people, knowledge, communication, corporate culture, attitudes, relationships, content (information), infrastructure, applications, needs, and expectations. It comprises missions with specific beliefs, values, and standards in service to security and growth. The Weave clears political impairments, helps to dismantle protectionism and jealousy, and breaks down departmental “silos.” It opens the way to a future that you define, rather than one that the future imposes on you.
What are the liabilities in today’s environment of e-mail, blogs, IMs, downloads, and portable data? Consider: What is being done ‘in the name of your domain’? How best to manage content and avoid a glut of information? How can staff best use the power of the utilities delivered to their desktops? What are the new scales of disaster planning, preparedness, prevention, and recovery? What is your organization’s role in contributing to the surrounding public safety, and in securing your own? I.T. Wars begins with a patient, comprehensive exposure of today’s environment and challenges, with equal attention to the business and IT reader. Whether your organization is public, private, a government agency, or an association, you share the same concerns: you need a business-driven technology strategy, as well as a business-serving one. Now you can develop a vision and pragmatism strong enough to qualify for discussion, planning, and achievement of the best business-technology outcomes.
User Ratings and Reviews
4 Stars How Management and I.T. Can Coexist
I.T. Wars was a very comprehensive book, illustrating how beneficial it is for management and IT to work together. Though at times a little bit too repetitive for my taste there was a lot of good information to be gained by just reading the book. Communication is one of the topics addressed throughout the book. It makes sense to address this topic due to collaboration being a significant part of any business. In addition to communication David Scott also pointed out how problems arise and the best ways to overcome those problems.
Mr. Scott addressed change as being inevitable and something that should not be feared. In the first few chapters of the book he points out that it is important to first address where you/your company is. Before any problems can be solved you should know where you are so that you can take the proper steps to move forward. One of those steps is to educate your employees.
In addition to educating your employees, Mr. Scott also addressed actual understanding of your employees and the classifications that they can fall into. He makes good points about speaking to people in terms that they may understand. Overall I found his book to be very insightful and beneficial to read.
5 Stars Managing the Weave
Managing the “weave” between business and technology is no easy feat. This book provides excellent application to everyday challenges IT managers encounter while following a common sense approach. Just a few of the concepts covered in this book include:
1. Teaching the significance of “selling” your ideas to those in charge to jumpstart change
2. Stressing the importance of a proactive IT department
3. Dealing with criticism within the context of the IT setting
4. Recognizing that the threat of an electromagnetic pulse could stifle the world as we know it
All of these topics and many more are presented in a logically progressing, fundamental concept building order that is easily understandable and applicable to both ends of the business and information technology spectrum. I highly recommend this book to anyone who has business/I.T. interactions on a regular basis.
4 Stars I.T. Wars: Managing The Business-Technology Weave
I.T. Wars: “Managing the Business-Technology Weave in the New Millennium” by David Scott. This is a very interesting book; while combining all the business and technology tasks, in the end almost all the business activities realized in a company are supported by the I.T. department, making all the tech specialists essential for the company.
Some of the most interesting chapters were: Delivery – Project By Project; Business and IT: Who Does What, Why, and When?; Managing People in the Weave – The Challenge to IT. All these chapters concern the importance of IT in today’s business world. The one thing that I especially liked was a view to managing those around you: those you work on: people in IT reporting to you; those you work with: co-workers; and those you work for: your supervisors. Every person in all these categories is essential and has their own responsibilities in the IT process.
4 Stars Getting IT and Business on the Same Page…
I.T. Wars by David Scott is an intriguing book that aims to bridge the divide between business and technology people within the workplace. He illustrates how both groups are in the same boat and must work together to conquer the many challenges that arise from the ever-changing world of technology.
Change is a continuum, and managers must be fully prepared to effectively plan for, implement, and support projects that will affect the business as a whole. Scott emphasizes the need for communication among several key groups of people, including IT, Business, and the end user.
Scott also provides insight into numerous other issues faced by business. The book teaches us how to effectively manage personnel, maintain the integrity of a company’s security, the importance of a disaster recovery plan, how to deal with negativity, how to effectively give criticism, etc. The book is written in a way that’s easy for any business professional to understand, no matter what their role is in the business. It’s an easy read that’s definitely worth the time.
3 Stars I.T. Wars … Lucas would be pleased
Mr. David Scott’s book “IT Wars: Managing the Business-Technology Weave in the New Millennium” is a decent book that covers almost all aspects of both project level efforts and daily business interactions between the Business side of companies and the “back office” IT functions that provide the backbone support of any modern organization. Although much of Mr. Scott’s writings are directed primarily at the technology sector, much of the project management and coordination factors that Mr. Scott discusses could be applied in almost any business or project environment. Communication, observation, self-analysis, goal-setting, problem-solving, etc. are all aspects of modern business and human life in general that each and every person should strive to perfect in their business and personal lives.
One of the primary concepts that I found quite relevant to my business and personal lives, that Mr. Scott covered throughout this book, was the concept of “change as a continuum” or the simple fact that change is a process and not a destination. Too often, people (companies) begin to make changes to their lives (business) based on some external pressure; but once they have implemented the change or the external pressure has been removed, they stop the process altogether or revert back to old habits and go about business as usual. Treating change as a milestone in this manner will often set people (companies) up for future disaster, in the event that some personal tragedy (or catastrophic disaster or security breach) occurs. As with any muscle, the “change muscle” requires constant workouts to maintain proper tone and balance.
One complaint that I do have for this book is the seeming repetition of topics at times. Although I cannot specifically point to any particular passage that is replicated more than one place in the book, there were many instances in the book where I felt I had already read the material and did not gain any additional insight.
All-in-all, I found the book to be quite enjoyable and informative.
Captured fugitive suspected in ID theft – NJ.com
Authorities captured a fugitive yesterday in Las Vegas allegedly connected to an identity-theft ring that tried to drain more than $20 million from bank accounts across the nation, including thousands in New Jersey.
Perfect Passwords: Selection, Protection, Authentication

User passwords are the keys to the network kingdom, yet most users choose overly simplistic passwords (like “password”) that anyone could guess, while system administrators demand impossible-to-remember passwords littered with obscure characters and random numerals. Author Mark Burnett has accumulated and analyzed over 2,000,000 user passwords, and in this highly entertaining and informative book, filled with dozens of illustrations, reveals his findings and balances the rigid needs of security professionals against the ease of use desired by users.
All of us remember when we first started with computers or the internet. We quickly learned that everything seems to need a password, so to cope with that we develop a password strategy. But statistics show that most password strategies aren’t that great and are in fact so predictable that crackers too often break them in a matter of minutes. Some companies might assign you completely random character sequences, but how many of those do you ever remember without writing them down? Some companies might force you to select complex patterns that include numbers and symbols, but a dictionary word followed by one or two numbers is the most common password pattern. Some companies force users to change their passwords so frequently that users end up with highly predictable patterns. But users aren’t to blame; it’s just that no one has taught them how to cope with strict password policies. This book will teach you how to cope with the world of password policies, password crackers, and human predictability. It teaches specific password patterns that will meet even the most unyielding security policy requirements but that users will remember in a snap. If you deal with passwords, you need this book.
User Ratings and Reviews
4 Stars make a method for making a strong password
Burnett points out how many passwords that users choose are surprisingly vulnerable to a good cracking program, other than a truly random choice of symbols. The main problem with the latter is remembering it.
Anyhow, the main point of the book is to remember a method of making a strong password, rather than remembering the password itself. As to what might constitute such a method, he gives numerous examples, with the obvious advisory that you do not actually implement any of these methods, but make your own.
5 Stars Great, quick read
Mark has made a great, quick, must-read book on passwords. I had read a few chapters of it before it was published (my quote is on the back cover), and liked it, but the overall book should be read by all system administrators. It contains commonsense, practical advice, just more of it than most of us have thought about alone, all in one place.
I think every system administrator will see one or two of their own personal passwords in the book…which is a wake-up call.
I was able to quickly read/skim the entire book and pull out all the useful tips in under an hour while my daughter was getting her braces tightened. A complete slow read would probably take a day. I think all system administrators should buy and understand this book.
Roger A. Grimes
4 Stars Quirky, but very useful…
Mark Burnett has probably spent more time thinking about and investigating passwords than either you or I. He takes all his accumulated experience and wisdom and offers it up in the book Perfect Passwords – Selection, Protection, Authentication.
Contents: Passwords – The Basics and Beyond; Meet Your Opponent; Is Random Really Random?; Character Diversity – Beyond the Alphabet; Password Length – Making It Count; Time – The Enemy of All Secrets; Living with Passwords; Ten Password Pointers – Building Strong Passwords; The 500 Worst Passwords of All Time; Another Ten Password Pointers Plus a Bonus Pointer; The Three Rules for Strong Passwords; Celebrate Password Day; The Three Elements of Authentication; Test Your Password; Random Seed Words; Complete Randomness; Index
If you’ve been around computer systems for any time, you’ve heard the conventional wisdom on creating secure passwords. And regardless of how many times it’s said, you still get users picking the word “password” for access to the payroll system. Burnett has created an easy-to-read, easily-understood guide on how passwords work, how passwords are usually chosen, and why most of those methods are really bad. But rather than just be gloom and doom, he also presents a number of techniques for generating long passwords that are easy to remember but that will resist virtually all efforts at password cracking. For instance, passwords of 15 to 20 characters with a mix of upper case, lower case, numbers, and special characters are resistant to every known form of cracking attempt (even rainbow lists). But how do you pick a word or words that meet those criteria? Maybe you use rhyming (poor-white-dog-bite) or repetition (2bitter@2bitter.com). Visualization is pretty good, too (Frozen banana in my shoe.) The phrases are nonsensical, but that’s why they are not “guessable”. And the diversity of the character set coupled with the length of the phrase means that the permutation possibilities are astronomical and can’t even begin to be brute-forced with today’s technology.
I’m not sure you could get every user in your company to read the book, but it’d be worth trying. It’s a fast read at only 180 pages, and they could even benefit just by making sure their password isn’t in the top 500 list.
3 Stars Good Thoughts, But Not So Much
Mark Burnett’s book appears to be the work of someone who has been in the security business for 10 years, been to a few lectures, seen lots of password policies, maybe even taken a class or two; but didn’t understand some basic concepts. Bad guys may be baffled by the passwords someone creates by this book, but only if they’re stupid. Most people aren’t, and anyone who has spent any time understanding the math or the way people pick passwords won’t be fooled too much by Mr. Burnett’s suggestions. This book does have some merit in that it does educate the reader in basic security, but don’t bother spending more than $5 for this book. You can get pretty much the same answers by googling around for an hour or so.
4 Stars Passwords are surprisingly interesting
I never thought I would find a whole book about passwords to be interesting, but I really like Mark Burnett’s Perfect Passwords. This short book (134 pages without the appendices, which can be ignored) is remarkably informative. I recommend that anyone developing password policies or security awareness training read Perfect Passwords.
The book is unique because the author bases many of his recommendations on research, not theory. He says that over the course of his consulting career he has collected somewhere between 3 and 4 million passwords. (This seems somewhat suspicious, but I suppose dropping the usernames would make that practice acceptable.) By performing statistical analysis on those millions of real passwords, the author knows exactly what makes a bad password.
Perfect Passwords does a good job dispelling common password policy myths. I was glad to hear him report that changing passwords once a month is a stupid idea. A weak password is not “protected” by a monthly change, since it can be broken in a matter of hours. Instead, use 15 or more characters in passwords, and change them less frequently (perhaps every 6 or 12 months, depending on sensitivity).
The author also rightfully criticizes “secret questions” and stand-alone biometrics. Both systems suffer an important flaw: “the answer to the question is usually a fact that will never change,” like the make of your first car or your fingerprint. If secret questions must be used, add a three-digit code to the answer. With biometrics, always accompany them with a password.
I had no major problems with Perfect Passwords. I did think that 21 pages of words in Appendix B and 16 pages of numbers in Appendix C didn’t serve any real purpose. I thought the hand-drawn figures seemed really weak in places (Figure 3.1 is a lawn sprinkler?). One mathematical note — pp 43-44 discuss combinations vs permutations. With permutations, it’s important to note whether a number can be selected repeatedly, or only once. With a lottery (the book’s example), numbers are usually selected once. So, the permutations for a three digit lottery yield 10 * 9 * 8 = 720 possibilities, not 1000.
Overall I liked Perfect Passwords. This is a great addition to any security professional’s library, and it contains many sound suggestions.
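The two reviews above make the same quantitative point from different angles: the keyspace of a password grows with length and character diversity (the 15-to-20-character, mixed-class passwords of the earlier review, and the "15 or more characters" advice here), while the "dictionary word plus one or two digits" pattern named in the book's blurb looks diverse on paper but is tiny once an attacker models it. The following Python script is an added example, not code from the book or from any of the reviewers. It computes the naive keyspace in bits, recognises the word-plus-digits pattern and re-estimates its effective keyspace, and converts bits into worst-case exhaustive-search time. The common-password and dictionary lists are small constructed stand-ins for the book's "500 worst" list and a cracker's wordlist; the 100,000-word dictionary size and the 10 billion guesses per second rate are assumptions chosen for illustration.

```python
import math
import re
import string

# Constructed stand-in for the book's "500 worst passwords" list (not the real list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "abc123"}

# Constructed mini wordlist standing in for a cracker's dictionary.
DICTIONARY_WORDS = {"password", "summer", "dragon", "monkey", "welcome", "banana"}

# Assumed size of a real-world cracking dictionary, used only for the effective-keyspace estimate.
ASSUMED_DICTIONARY_SIZE = 100_000

# Assumed offline guess rate (guesses per second) for the time-to-exhaust estimate.
ASSUMED_GUESSES_PER_SECOND = 1e10

# string.punctuation has 32 symbols; we count the space as a 33rd "special" character.
SPECIAL_CHARS = set(string.punctuation) | {" "}


def charset_size(pw: str) -> int:
    """Size of the alphabet implied by the character classes actually present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in SPECIAL_CHARS for c in pw):
        size += len(SPECIAL_CHARS)
    return size


def naive_bits(pw: str) -> float:
    """log2(charset ** length): the upper bound a policy checker sees.

    This assumes every character was drawn uniformly from the alphabet,
    which is exactly what real users do not do."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0


def is_word_plus_digits(pw: str) -> bool:
    """The most common pattern the book's blurb describes: a dictionary word, then 1-2 digits."""
    m = re.fullmatch(r"([A-Za-z]+)(\d{1,2})", pw)
    return bool(m) and m.group(1).lower() in DICTIONARY_WORDS


def effective_bits(pw: str) -> float:
    """Keyspace an attacker who models the word+digits pattern actually has to search.

    Candidates = dictionary words * (10 one-digit + 100 two-digit suffixes) = words * 110.
    Otherwise fall back to the naive bound."""
    if is_word_plus_digits(pw):
        return math.log2(ASSUMED_DICTIONARY_SIZE * 110)
    return naive_bits(pw)


def exhaust_years(bits: float, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every candidate at the assumed guess rate."""
    return (2.0 ** bits) / guesses_per_second / (365 * 24 * 3600)


def assess(pw: str, min_length: int = 15) -> str:
    """Policy verdict: 'common', 'word+digits', 'short' or 'ok'."""
    if pw.lower() in COMMON_PASSWORDS:
        return "common"
    if is_word_plus_digits(pw):
        return "word+digits"
    if len(pw) < min_length:
        return "short"
    return "ok"


if __name__ == "__main__":
    # Constructed sample passwords; two are the reviewers' own illustrations.
    for pw in ["password", "Summer99", "Tr0ub4dor", "poor-white-dog-bite", "2bitter@2bitter.com"]:
        print(f"{pw:22s} {assess(pw):12s} naive={naive_bits(pw):6.1f} bits "
              f"effective={effective_bits(pw):6.1f} bits "
              f"exhaust={exhaust_years(effective_bits(pw)):.2e} years")
```

The gap between naive and effective bits for Summer99 is the whole argument: a checker that only counts character classes rates it at roughly 48 bits, but a pattern-aware search space of about 23 bits is exhausted in seconds, which is why the reviewer's point that a monthly change cannot "protect" a weak password holds. The long lowercase phrase with separators clears 100 bits on length alone.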
