By Jeff Stanton on 6/19/2006 11:58 AM

If Microsoft were chasing me I would be scared too. Today's news reports that McAfee - maker of individual and corporate antivirus solutions - has released a beta of their new product, code named "Falcon."

Falcon purports to be a security "platform" not just a tool or application. As a platform it appears to be a one stop shop for security protection for computers. In addition to traditional anti-virus functions, the platform provides anti-phishing protection, detects and eliminates rootkits, and a Site Advisor that provides information about contaminated or dangerous websites.

McAfee is developing these welcome innovations in response to the fact that Microsoft has been edging their way into the security product business little by little over the past few years. The great news for small business is that the competition between the antivirus giants like McAfee and Microsoft will drive prices down and create a wider range of features and capa ... Read More »

By Jeff Stanton on 6/14/2006 11:40 AM

OK, now the Department of Energy is having "difficulties" with data security. A "red team" (a security testing group, sometimes called penetration testers or pen testers) was testing DOE security last Fall when they discovered a previous hack in which employee records of 1502 contract employees of the DOE were stolen by a hacker from an unclassified computer system..

This one sounds, at least in part, like a technical security problem, though there are certainly organizational issues here as well. It is strange that the DOE knew about the breach for some months but did not undertake an effort to notify all the affected employees until recently. Neither the DOE Secretary nor his deputy were informed about the breach until recently. A little communication problem, perhaps?

In our research we found that IT departments and IT security groups often had difficulty getting and holding the attention of upper management because the ... Read More »

By Jeff Stanton on 6/13/2006 2:14 PM

At latest count over 26 million veterans had their data leaked by an employee who downloaded data onto a laptop, brought the laptop home, and was the unfortunate victim of a burglary in which the laptop was stolen. The records contained a variety of sensitive information including social security numbers.

As a result of this data theft there has been an expected outcry in industry and government circles about the need for greater security. Unfortunately, most of this hubbub focuses on the wrong issues. Polls show that U.S. citizens are concerned about privacy and identity theft, but primarily in the context of online transactions such as eCommerce purchases.

The VA case is a classic failure of behavioral policy within large organizations and has little to do with Internet security or eCommerce security per se. One of several root causes is important here:

1. The VA did not have a policy ... Read More »