10 Things That Used to be Good Ideas in Data Security
By Mike Winkler
About this ebook
Data security has two objectives and only two: to keep our company’s assets safe from improper users, and to make them available to the proper ones.
We continually make the same human nature mistakes again and again in pursuit of these two deceptively complex objectives. In 10 Things that Used to be Good Ideas in Data Security, author Mike Winkler discusses how we let old ideas, some of which used to be good, keep us from making the right decisions; social inertia meets the pace of unending change. Data sec is a huge puzzle; a puzzle in which the edges keep moving, the shapes of the pieces change, and no matter how good or fast we are, the puzzle will never be finished in time, because it is never finished.
Mike Winkler
An engineer by day, Mike Winkler spends his free time creating new universes, imagining “alternities,” and crafting truly original characters. His adventures are large-scale and centered on human relationships, even if the characters are very tall lizard men, immortal warriors, or ultimate weapons at the end of time. When not constructing stories, he’s building solar power systems, practicing yoga, chowing down on a hamburger while surrounded by vegetarians, or off playing games with Meg. His writing portfolio includes a variety of fiction and technical works. Mike has been photographed with the likes of fellow author and partner Meg Winkler, various people in costume, and the Rosetta Stone. If he could meet any person, living or dead, he’d travel back in time to meet Winston Churchill on his worst day.
10 Things That Used to be Good Ideas in Data Security
by Mike Winkler, CISSP
Published by Brainy Babe Micro Pub at Smashwords
Smashwords Edition
Copyright © 2014 Mike Winkler
Cover Design by Meg Winkler
Cover Image @kraft2727- Fotolia.com
All rights reserved.
Smashwords Edition, License Notes
This ebook is licensed for your personal enjoyment only. This ebook may not be re-sold or given away to other people. If you would like to share this book with another person, please purchase an additional copy for each recipient. If you’re reading this book and did not purchase it, or it was not purchased for your use only, then please return to your favorite ebook retailer and purchase your own copy. Thank you for respecting the hard work of this author.
Foreword
There is a misconception that an informational book or document must be written in a very formal (boring) way. Scores upon scores of technical books line the shelves of bookstores that present authors’ opinions and advice in stanch sentence structure and in a commanding tone. The reader is often instructed about what to do and what not to do in dry fashion, but this is not how things have to be.
The Internet age, bloggers, popular media outlets, and even social media have changed the way that we communicate via the written word. So, while you may be expecting a very formal book, what you hold in your hands is something more along the lines of sharing a conversation with a friend over a good cup of coffee. The author’s suggestions are merely that: suggestions. He offers them to you in order for you to consider them, edit them, and ultimately make them your own.
10 Things that Used to be Good Ideas in Data Security is an invitation to explore other options in data security, in the way that you relate to customers, coworkers, and auditors. This publication is designed to provide accurate and authoritative information in regard to the subject matter, but with the understanding that the publisher and author are not engaged in rendering psychological, financial, legal, or other professional services. I ask that as you read this publication, you use your best judgment regarding its suggestions. I sincerely hope that you find it as enjoyable as I have.
Megan Winkler, MA
Brainy Babe Micro Pub
10 Things That Used to be Good Ideas in Data Security
Who are you talking to here, Mike?
Am I wasting my time if I am not a CISO? Or am I wasting my time if I am?
The answer is no, either way. I know every author of every book claims it is perfect for all readers. Nearly all of them are lying, or at least fluffing a bit to increase sales. Instead of claiming that I have written the universal business book, I want to suggest that data security is a puzzle. It would be bad enough if it were just one of those horrible 10,000 piece table-puzzles my uncle used to do. What we have is a puzzle in which the edges keep moving, the shapes of the pieces change, and no matter how good or fast we are, the puzzle will never be finished in time, because it is never finished.
What I hope to bring to you is a guide to your piece of the puzzle. The newest system admin has fresh eyes and can see what the CISO cannot. The Security Director sees how much work things are to manage in a way that the higher ups can’t see. The CISO can (hopefully) see the big picture in order to use it in guiding the company.
In a constantly changing puzzle, we are all trying to achieve two things: 1) keep our company’s assets safe from improper users, and 2) make them available to the proper ones. Those two simple concepts are the job. Many of us often lose sight of this primal fact: data security has those two objectives and only those two. I am aware I am far from the first writer to talk about needing the balance between them. My objective here is to teach a little to each of us, whatever our job function, about how to do this without falling into the pitfalls of old ideas and old techniques.
In the modern world, to be an educated IT consumer, you must understand the motives of your suppliers and manufacturers. A lot of what we talk about here is about insight (no pun intended) into what is motivating the vendors. It would be easy if the whole argument were the price wrangling in the finance offices at the end of the deal cycle. The truth is that there is a complex web of forces acting on them (and us) that forms their offerings and alters the way they deal with the buying public. Sun Tzu talked about the value of knowing your enemy. I would never go so far as to say that your vendors and service providers are the enemy, but knowing what drives them will never work against you.
Good communication is hard work; an old boss taught me that, and it took me years to internalize all that it means. The nuances in the case of 10 Things are a bit different. The trusted experts in your environment have very likely gotten myopic on some topics of their expertise: you can depend on that fact in every network of any size. It is a basic human trait to find a comfortable niche in an ever-changing world—it is also what will get you a malicious outage or a data loss. Depend on it. If each of us can communicate about our view on the metamorphic (and metaphoric!) puzzle we have, maybe we can do a better job of solving it.
The presented problem should come with a presented solution
This is true with marriage, a company, or a lunch decision. Any time you present a problem you should be prepared to present a solution to the problem you brought, even if this is just brainstorming with the team about what the next set of answers is. For each of the problems presented here in 10 Things, I will present at least one way out of it. Solutions are what we should be looking for every day; otherwise we are just griping. As you will find in the reading of this work, one of my least favorite things in the whole world is the griping that goes on for the sake of griping.
A thought on name dropping, rants, and product recommendations
Anyone looking me up will see I have been on the vendor side of the tech industry for a long time. No vendor or service provider is giving any input (other than their public Web pages) or is compensating me in any way for my words. When I recommend people, they are from my heart and my experience. When I talk about products that solve problems, in no way do I imply that they are the only brand and only solution in that space. If I recommend VMware ACE, I am not saying anything bad about the competing Citrix product, just that I have used the VMware product and it performed well.
There are places where I slam products and product philosophies. Poor Microsoft has become a target for this; they are part of what is a growing group of criticism magnets. As is true with my