Is InfoSec an Art or Science? The Answer Will Surprise You

From time to time I’ll hear someone refer to information security as an art or a science. This article entitled “CyberGirlz: Middle-school girls learn the art of cybersecurity” is one example. And I’ve had people come right out and ask me if I thought information security was an art or science. I’ve always considered this either/or question a false dichotomy—a question which presumes the answer must be one or the other choice. Because to me, neither answer—art or science—is satisfactory.

I’ll explore both to show you why I think so.

Firstly, and the more problematic of the two options for me, is [click to continue…]

The Three Enemies of Security

Over the years I’ve heard various experts assert that “such and such is the enemy of security” as in “complexity is the enemy of security.” They say it with such conviction as if to remove all doubt that there could be any other enemies to security.

The problem is, I’ve seen different experts propose different enemies for security. In fact, there are three enemies of security that appear so frequently that I thought I’d do a little investigation to see [click to continue…]

Enforceable Policies vs. Accountable Policies

At a recent security steering committee meeting we were reviewing an update of our Password Policy which I had drafted. We got to a particular requirement which stated “Passwords should not include ‘guessable’ data such as personal information about yourself, your spouse, your pet, your children, birthdays, addresses, phone numbers, locations, etc.” One of the committee members said “that’s not enforceable.”

The comment made me stop and think for a second because [click to continue…]

How to Keep Your Website Backed Up

Many years ago, when I first started building websites, I tried various website hosting services. I eventually found one that I thought was a really great deal. It was only $2 a month charged through a PayPal subscription. I used them for almost a year, building many different sites with their service. Then, the worst case scenario happened: the web host went offline. All of the websites I had built were down.

I contacted the webhost through their email support account and they informed me that [click to continue…]

Word cloud for Website Security for Small Businesses

I made a cool word cloud from the text of my Website Security for Small Businesses ebook. Check it out!

Website-security-word-cloud - small

Here’s the full image:

Make your own word cloud here.

P.S. You can still download this Kindle ebook for free until tomorrow, 30 Jun 15.

Just Released: Website Security for Small Businesses (Get it free!)

Website Security for Small BusinessesNow available, the third book in the small business information security series: Website Security for Small Businesses.

And for a limited time (until June 30th) you can get it FREE from Amazon. Just go to the Amazon page below and download it to your Kindle device or Kindle app.

Here’s the catch: I’m looking for honest reviews in exchange for the free downloads. Just take a moment to go back to the Amazon page and give a quick rating.

I look forward to hearing what you think!

Upcoming book: Website Security for Small Businesses

Coming later in June is the next ebook in the Security Elements series: “Website Security for Small Businesses.”

This ebook will describe in detail essential security practices for webmasters including:

  • How to keep your website from being blacklisted
  • How to enable HTTPS to encrypt traffic to and from your site
  • How to get a free security seal for your site
  • A free service that protects your site from downtime
  • And much more!

Coming in June 2015!

Pen tester cartoon

I hired a cartoonist to make this cartoon for the play on words about penetration testers. It will be included in my next ebook: “Website Security for Small Businesses” available soon!