10 Things That Used to be Good Ideas in Data Security
By Mike Winkler
About this ebook
Data security has two objectives and only two: to keep our company’s assets safe from improper users, and to make them available to the proper ones.
We continually make the same human nature mistakes again and again in pursuit of these two deceptively complex objectives. In 10 Things that Used to be Good Ideas in Data Security, author Mike Winkler discusses how we let old ideas, some of which used to be good, keep us from making the right decisions; social inertia meets the pace of unending change. Data sec is a huge puzzle; a puzzle in which the edges keep moving, the shapes of the pieces change, and no matter how good or fast we are, the puzzle will never be finished in time, because it is never finished.
Mike Winkler
An engineer by day, Mike Winkler spends his free time creating new universes, imagining “alternities,” and crafting truly original characters. His adventures are large-scale and centered on human relationships, even if the characters are very tall lizard men, immortal warriors, or ultimate weapons at the end of time. When not constructing stories, he’s building solar power systems, practicing yoga, chowing down on a hamburger while surrounded by vegetarians, or off playing games with Meg. His writing portfolio includes a variety of fiction and technical works. Mike has been photographed with the likes of fellow author and partner Meg Winkler, various people in costume, and the Rosetta Stone. If he could meet any person, living or dead, he’d travel back in time to meet Winston Churchill on his worst day.
10 Things That Used to be Good Ideas in Data Security
by Mike Winkler, CISSP
Published by Brainy Babe Micro Pub at Smashwords
Smashwords Edition
Copyright © 2014 Mike Winkler
Cover Design by Meg Winkler
Cover Image @kraft2727 - Fotolia.com
All rights reserved.
Smashwords Edition, License Notes
This ebook is licensed for your personal enjoyment only. This ebook may not be re-sold or given away to other people. If you would like to share this book with another person, please purchase an additional copy for each recipient. If you’re reading this book and did not purchase it, or it was not purchased for your use only, then please return to your favorite ebook retailer and purchase your own copy. Thank you for respecting the hard work of this author.
Foreword
There is a misconception that an informational book or document must be written in a very formal (boring) way. Scores upon scores of technical books line the shelves of bookstores that present authors’ opinions and advice in stanch sentence structure and in a commanding tone. The reader is often instructed about what to do and what not to do in dry fashion, but this is not how things have to be.
The Internet age, bloggers, popular media outlets, and even social media have changed the way that we communicate via the written word. So, while you may be expecting a very formal book, what you hold in your hands is something more along the lines of sharing a conversation with a friend over a good cup of coffee. The author’s suggestions are merely that: suggestions. He offers them to you in order for you to consider them, edit them, and ultimately make them your own.
10 Things that Used to be Good Ideas in Data Security is an invitation to explore other options in data security, in the way that you relate to customers, coworkers, and auditors. This publication is designed to provide accurate and authoritative information in regard to the subject matter, but with the understanding that the publisher and author are not engaged in rendering psychological, financial, legal, or other professional services. I ask that as you read this publication, you use your best judgment regarding its suggestions. I sincerely hope that you find it as enjoyable as I have.
Megan Winkler, MA
Brainy Babe Micro Pub
10 Things That Used to be Good Ideas in Data Security
Who are you talking to here, Mike?
Am I wasting my time if I am not a CISO? Or am I wasting my time if I am?
The answer is no, either way. I know every author of every book claims it is perfect for all readers. Nearly all of them are lying, or at least fluffing a bit to increase sales. Instead of claiming that I have written the universal business book, I want to suggest that data security is a puzzle. It would be bad enough if it were just one of those horrible 10,000 piece table-puzzles my uncle used to do. What we have is a puzzle in which the edges keep moving, the shapes of the pieces change, and no matter how good or fast we are, the puzzle will never be finished in time, because it is never finished.
What I hope to bring to you is a guide to your piece of the puzzle. The newest system admin has fresh eyes and can see what the CISO cannot. The Security Director sees how much work things are to manage in a way that the higher ups can’t see. The CISO can (hopefully) see the big picture in order to use it in guiding the company.
In a constantly changing puzzle, we are all trying to achieve two things: 1) keep our company’s assets safe from improper users, and 2) make them available to the proper ones. Those two simple concepts are the job. Many of us often lose sight of this primal fact: data security has those two objectives and only those two. I am aware I am far from the first writer to talk about needing the balance between them. My objective here is to teach a little to each of us, whatever our job function, about how to do this without falling into the pitfalls of old ideas and old techniques.
In the modern world, to be an educated IT consumer, you must understand the motives of your suppliers and manufacturers. A lot of what we talk about here is about insight (no pun intended) into what is motivating the vendors. It would be easy if the whole argument were the price wrangling in the finance offices at the end of the deal cycle. The truth is that there is a complex web of forces acting on them (and us) that forms their offerings and alters the way they deal with the buying public. Sun Tzu talked about the value of knowing your enemy. I would never go so far as to say that your vendors and service providers are the enemy, but knowing what drives them will never work against you.
Good communication is hard work; an old boss taught me that, and it took me years to internalize all that it means. The nuances in the case of 10 Things are a bit different. The trusted experts in your environment have very likely gotten myopic on some topics of their expertise: you can depend on that fact in every network of any size. It is a basic human trait to find a comfortable niche in an ever-changing world—it is also what will get you a malicious outage or a data loss. Depend on it. If each of us can communicate about our view on the metamorphic (and metaphoric!) puzzle we have, maybe we can do a better job of solving it.
The presented problem should come with a presented solution
This is true with marriage, a company, or a lunch decision. Any time you present a problem you should be prepared to present a solution to the problem you brought, even if this is just brainstorming with the team about what the next set of answers is. For each of the problems presented here in 10 Things, I will present at least one way out of it. Solutions are what we should be looking for every day; otherwise we are just griping. As you will find in the reading of this work, one of my least favorite things in the whole world is the griping that goes on for the sake of griping.
A thought on name dropping, rants, and product recommendations
Anyone looking me up will see I have been on the vendor side of the tech industry for a long time. No vendor or service provider is giving any input (other than their public Web pages) or is compensating me in any way for my words. When I recommend people, they are from my heart and my experience. When I talk about products that solve problems, in no way do I imply that they are the only brand and only solution in that space. If I recommend VMware ACE, I am not saying anything bad about the competing Citrix product, just that I have used the VMware and it performed well.
There are places where I slam products and product philosophies. Poor Microsoft has become a target for this; they are part of what is a growing group of criticism magnets. As is true with my