10 Things That Used to be Good Ideas in Data Security
By Mike Winkler
About this ebook
Data security has two objectives and only two: to keep our company’s assets safe from improper users, and to make them available to the proper ones.
We continually make the same human nature mistakes again and again in pursuit of these two deceptively complex objectives. In 10 Things that Used to be Good Ideas in Data Security, author Mike Winkler discusses how we let old ideas, some of which used to be good, keep us from making the right decisions; social inertia meets the pace of unending change. Data sec is a huge puzzle; a puzzle in which the edges keep moving, the shapes of the pieces change, and no matter how good or fast we are, the puzzle will never be finished in time, because it is never finished.
Mike Winkler
An engineer by day, Mike Winkler spends his free time creating new universes, imagining “alternities,” and crafting truly original characters. His adventures are large-scale and centered on human relationships, even if the characters are very tall lizard men, immortal warriors, or ultimate weapons at the end of time. When not constructing stories, he’s building solar power systems, practicing yoga, chowing down on a hamburger while surrounded by vegetarians, or off playing games with Meg. His writing portfolio includes a variety of fiction and technical works. Mike has been photographed with the likes of fellow author and partner Meg Winkler, various people in costume, and the Rosetta Stone. If he could meet any person, living or dead, he’d travel back in time to meet Winston Churchill on his worst day.
10 Things That Used to be Good Ideas in Data Security
by Mike Winkler, CISSP
Published by Brainy Babe Micro Pub at Smashwords
Smashwords Edition on the next line.
Copyright © 2014 Mike Winkler
Cover Design by Meg Winkler
Cover Image @kraft2727- Fotolia.com
All rights reserved.
Smashwords Edition, License Notes
This ebook is licensed for your personal enjoyment only. This ebook may not be re-sold or given away to other people. If you would like to share this book with another person, please purchase an additional copy for each recipient. If you’re reading this book and did not purchase it, or it was not purchased for your use only, then please return to your favorite ebook retailer and purchase your own copy. Thank you for respecting the hard work of this author.
Foreword
There is a misconception that an informational book or document must be written in a very formal (boring) way. Scores upon scores of technical books line the shelves of bookstores that present authors’ opinions and advice in stanch sentence structure and in a commanding tone. The reader is often instructed about what to do and what not to do in dry fashion, but this is not how things have to be.
The Internet age, bloggers, popular media outlets, and even social media have changed the way that we communicate via the written word. So, while you may be expecting a very formal book, what you hold in your hands is something more along the lines of sharing a conversation with a friend over a good cup of coffee. The author’s suggestions are merely that: suggestions. He offers them to you in order for you to consider them, edit them, and ultimately make them your own.
10 Things that Used to be Good Ideas in Data Security is an invitation to explore other options in data security, in the way that you relate to customers, coworkers, and auditors. This publication is designed to provide accurate and authoritative information in regard to the subject matter, but with the understanding that the publisher and author are not engaged in rendering psychological, financial, legal, or other professional services. I ask that as you read this publication, you use your best judgment regarding its suggestions. I sincerely hope that you find it as enjoyable as I have.
Megan Winkler, MA
Brainy Babe Micro Pub
10 Things That Used to be Good Ideas in Data Security
Who are you talking to here, Mike?
Am I wasting my time if I am not a CISO? Or am I wasting my time if I am?
The answer is no, either way. I know every author of every book claims it is perfect for all readers. Nearly all of them are lying, or at least fluffing a bit to increase sales. Instead of claiming that I have written the universal business book, I want to suggest that data security is a puzzle. It would be bad enough if it were just one of those horrible 10,000 piece table-puzzles my uncle used to do. What we have is a puzzle in which the edges keep moving, the shapes of the pieces change, and no matter how good or fast we are, the puzzle will never be finished in time, because it is never finished.
What I hope to bring to you is a guide to your piece of the puzzle. The newest system admin has fresh eyes and can see what the CISO cannot. The Security Director sees how much work things are to manage in a way that the higher ups can’t see. The CISO can (hopefully) see the big picture in order to use it in guiding the company.
In a constantly changing puzzle, we are all trying to achieve two things: 1) keep our company’s assets safe from improper users, and 2) make them available to the proper ones. Those two simple concepts are the job. Many of us often lose sight of this primal fact: data security has those two objectives and only those two. I am aware I am far from the first writer to talk about needing the balance between them. My objective here is to teach a little to each of us, whatever our job function, about how to do this without falling into the pitfalls of old ideas and old techniques.
In the modern world, to be an educated IT consumer, you must understand the motives of your suppliers and manufacturers. A lot of what we talk about here is about insight (no pun intended) into what is motivating the vendors. It would be easy if the whole argument were the price wrangling in the finance offices at the end of the deal cycle. The truth is that there is a complex web of forces acting on them (and us) that forms their offerings and alters the way they deal with the buying public. Sun Tzu talked about the value of knowing your enemy. I would never go so far as to say that your vendors and service providers are the enemy, but knowing what drives them will never work against you.
Good communication is hard work; an old boss taught me that, and it took me years to internalize all that it means. The nuances in the case of 10 Things are a bit different. The trusted experts in your environment have very likely gotten myopic on some topics of their expertise: you can depend on that fact in every network of any size. It is a basic human trait to find a comfortable niche in an ever-changing world—it is also what will get you a malicious outage or a data loss. Depend on it. If each of us can communicate about our view on the metamorphic (and metaphoric!) puzzle we have, maybe we can do a better job of solving it.
The presented problem should come with a presented solution
This is true with marriage, a company, or a lunch decision. Any time you present a problem you should be prepared to present a solution to the problem you brought, even if this is just brainstorming with the team about what the next set of answers is. For each of the problems presented here in 10 Things, I will present at least one way out of it. Solutions are what we should be looking for every day; otherwise we are just griping. As you will find in the reading of this work, one of my least favorite things in the whole world is the griping that goes on for the sake of griping.
A thought on name dropping, rants, and product recommendations
Anyone looking me up will see I have been on the vendor side of the tech industry for a long time. No vendor or service provider is giving any input (other than their public Web pages) or is compensating me in any way for my words. When I recommend people, they are from my heart and my experience. When I talk about products that solve problems, in no way do I imply that they are the only brand and only solution in that space. If I recommend VMware ACE, I am not saying anything bad about the competing Citrix product, just that I have used the VMware and it performed well.
There are places where I slam products and product philosophies. Poor Microsoft has become a target for this; they are part of what is a growing group of criticism magnets. As is true with my