Category: Blog

March 3rd, 2009 by John

Please think about attending the FBI Infragard Conference next week in Springfield, Illinois! The cost is ONLY $30 per person, and includes food throughout the day and a nice lunch. This is a great opportunity to hear some excellent security speakers and topical information that is current and helps you in your job.

The Cyber Defense and Recovery Conference:
“Keeping Secrets Safe: Protecting Your Data”

Posted in Blog

February 28th, 2009 by John


February 24th, 2009 by John

From the QCESC Awards Banquet on Friday. I am receiving the Sr. Scientist of the Year award from Pat Barnes, QCESC President. (2/20/2009)


February 23rd, 2009 by John

If you want to protect your sensitive data, and it’s exposed to the Internet, you have to choose between multi-factor authentication (MFA) and a basic password. On your internal network you may have additional safeguards in place to keep the bad guys out, but when you have data exposed to the Internet, it should be protected. This means you protect it with tools like encryption when it is at rest and in transit, and you strongly authenticate users when they access it. You really only want people who are authorized to be able to log on and see that stuff.

Single-factor authentication would include using a password or PIN to log onto a web application, or your Windows domain when you get to work in the morning, for example. For many users this is quite adequate. If someone steals your password and the worst they can do is screw up your data or see your email and this doesn’t put your company at risk, then your company may do fine with a simple “90-day” policy for changing your password. Two-factor authentication would add another requirement in addition to your password or PIN (something you know), such as a piece of hardware (something you have: a key fob or card) or a biometric (something you are: a fingerprint or iris scan). Traditionally, two-factor authentication is implemented by having both basic logon credentials (username/password) and a hardware token that generates a unique code every 60 seconds and is somehow synchronized with a server on the other end. These two layers of security are then much more effective at allowing only the people you want to connect.


February 23rd, 2009 by John

It seems my old boss found a bit of notoriety, while visiting the Quad Cities this past week. [Article Link]

Jeff Botkin was the manager who hired me at John Deere ten years ago. He moved to Denver about a year later, and went to work as a security manager at AT&T. He stopped by to visit us at the office, and we had a few beers during his trip to visit family in the area a week ago. On his way home, he decided to take two 8-ounce jars of the world-famous Boetje’s Mustard in his carry-on luggage. TSA screeners quickly sequestered him, and confiscated this “dangerous contraband”. I suppose it only makes sense, when you consider how dangerous mustard can be. If he perhaps found a way to get the mustard through the steel-reinforced door protecting the cockpit, and into the eyes of the pilot and co-pilot, they may have been very irritated and this may have led to the luggage shifting in-flight.


February 20th, 2009 by John

Tonight is the 47th Annual QCESC Engineers Week Banquet (http://www.qcesc.org/banquet.htm) being held in conjunction with the Henry Farnum Dinner this year. We should have a couple hundred attendees for a talk on the completion of lock and dam 15 at Rock Island, on the Mississippi River. In addition, the Quad Cities Engineering and Science Council will be presenting Jr./Sr. Scientist and Engineer of the Year awards, a Lifetime Achievement award and student scholarships. QCESC is composed of a number of area engineering and science organizations, including the IEEE section that I was chair of last year.

If you decide to come at the last minute, we should have a couple extra places saved, and there may be snow tonight which will lead to some no-shows. Please DO COME if you have an interest. It will be a wonderful presentation, and the banquet is served by the Radisson in downtown Davenport. An excellent event, for only $40.


February 11th, 2009 by John

Is it common for security professionals to have their (corporate) day job, and teach/write/speak in their spare time? I have my teaching schedule pretty well laid out for 2009. I will be teaching astronomy (16-week, 4 credit) in the Spring and Fall semesters for Scott Community College, and shorter Summer semester courses for SCC and St. Ambrose. The St. Ambrose course is 8 nights over 8 weeks, starting at the beginning of May, for 3 credits.

In addition, I am in discussions with a company in India to design two graduate security courses for an online university. The titles are, “Information Security Challenges and Solutions (3 sem. cr.)” and “Information Security Governance (3 sem. cr.)”. If the timeline and price are agreeable, I may start on those yet this month.


January 29th, 2009 by John

I was on a panel last summer, and I claimed that I felt the most significant impact of a data breach would be the harm it can potentially do to your brand. Working at a company with a very well established brand name, it is important to avoid anything that will degrade it. Loss of brand is somewhat an intangible, but can mean a loss of market share and a loss of consumer confidence. It’s hard to think of a business where data loss or a security incident made public wouldn’t have some effect. This graphic from Ernst & Young seems to underscore that.
