Managing PeopleSoft Security

Managing PeopleSoft security is an important component of managing your system. We find that system security is oftentimes an afterthought, especially during an implementation or an upgrade. This can result in security being perceived as an obstacle by users rather than a positive system module. Read more

A Suggested Soft Skills Training Program

The Problem

Companies expect employees, especially those in the mid-Manager- and Director-level positions, to be independent thinking, creative resources capable of prioritizing and managing their time to further the goals of the organization. While most employees feel they work hard, and most do, the sad truth is very few have the soft skills necessary to work efficiently. As a result, most organizations are rife with the exclamation “there’s just so much that I need to do” and a sense of continuous crisis. That’s not even getting into the quintessential “IT geek” stereotype where human interaction is an awkward and unwelcome process on the best of days. Read more

Marketing Security through the KISS Principle

As we know from our own life experiences, at times we need to be sold the idea that we need or desire a product, hence the birth of marketing. For those of us that are security practitioners, we are constantly challenged with finding the right method to get our message out to our organization. Ironically, it’s somewhat of a marketing problem and not at all unlike our own life experiences. The irony, of course, being that the social interactions of marketing are typically considered to be at the opposite end of the spectrum from the rigorous technical security safe guards we find ourselves preaching to our user base. And those sharp contrasts make the selling of security to our users a poorly executed process. Read more

Yet Another “Good Password” Article

There are a myriad of articles on the web about picking good passwords; just go to Google and type in ‘how to choose a good password’ and you’ll get 127 million hits (seriously). Yet despite that, it amazes me that people still make poor choices when it comes to password strength or choose to use the same password at multiple websites. Is it that they don’t care about security, don’t understand how to be secure, or is their lack of security born of an ignorance that bad things can happen to them?

For those who aren’t familiar with the Gawker Media hack back in December of 2010 I’ll give you a quick recap; Read more

Social Media #FAIL

While most companies are moving or have already moved into the social media space, it is a new venture for most companies as well as their employees. The benefits of social media have been well publicized, so I won’t go into them here, but what have not been well publicized are the risks of using social media for individuals. Read more

A Different Take on Risk Assessment

First off, this is long winded, bear with me while we cover some foundational concepts first…

A few weeks ago, I was asked to present alongside Splunk at the Gartner Security & Risk Management Summit in Washington DC as one of their customers and offer a view into how we’re using Splunk. Just having purchased Splunk and started our implementation a few months ago, I wasn’t quite sure exactly how we would present a true “success story” as we’re still very much in the deployment phases of the product. Read more