Link: http://www.linkedin.com/in/titssn

Good day to you,

I saw this question on LinkedIn and responded to it but felt that the info should be shared as much as possible so here it is.

—————
The IT/Information Security landscape is forever changing, with new threats appearing daily and the ever growing need for effective policies & technologies in the work place…where is the best place to start in tackling the vast arena that is IT/Information Security.

There are numerous white-papers and articles written about the numerous technologies on the market today but which is the most suitable? Do you go for a multi-layered approach, using a best-of-breed combination of IDS/IPS, Anti-Virus, Anti-Phising, Anti-Spam solutions…OR…would a business benefit more from a Unified Threat Management (UTM) Appliance?

My response.

Good day to you Mr. West,

A great question and I will try to add my little views on it.

First, The IT Security Threats Landscape is a people problem, not an industry one and as such must be addressed in that manner.

Secondly, UTMs are not the silver bullet for TITSTL (The IT Security Threats Landscape), it’s a greater improvement over previous technologies that allows better management and control from a single appliance. While many may debate that, I have worked with enough of these devices to see an improved framework and architecture over the years to say that I have strong faith and values in them as a good solution to have.

The caveat is it’s a single appliance so if it goes down then you’re in some form of trouble or disadvantage depending on the vendor and how it is configured.

So, going back to my first point, addressing TITSTL means re-evaluating where we’re coming from, where we are and what the future looks like based on past experiences and their effects. IT Security must be taught in the school systems from the 8th grade upward. It is not a college nor university topic as I know 10th graders who can walk in/around most if not any network.

We have underestimated the level of skillset in the young mind of our children and must accept this fact that they are and will be very much a part of this and so training them at these young ages will help them to understand why it is better to be on the good side rather than be script kiddies and playing around with codes they may not fully understand thus firing off some new unknown threat in the wild.

Why are we not seeing that this is not a corporate problem but a people problem is beyond me?

The impact and effects are staring us straight in the face and we fail to see how far down the rabbit hole it really goes. IT Security leaders need to take a more physical approach to the threats landscape by going out into the communities and spreading the word, teaching the word, sharing the education and awareness of why it is such a valuable thing to learn, know and understand because with every new piece of technology that comes out today, it has some wired or wireless connectivity to the internet and thus presents a new threat of have for the threats to hide in.

Stop promoting those cheap routers from the local stores that does nothing but gives a hacker another free zombie PC, let’s promote devices with multi-layer security features for the home and small businesses as well.. The use of a router that the entire hacking community has been hacking over years doesn’t provide any security because they may control it more than you the owner. As we all know, the availability of high speed services now adds an additional layer of threats/risk as these home/SMB users are a significant part of the botnets being discovered around the world. Using these high speed services to launch DDOS/DOS and targeted attacks are showing how much the hackers value and need their connections and why it’s even more critical to secure them properly.

While this is the case, no matter what technology you implement, if the needed training and awareness of why it is being put in place, the need and how to use it effectively is not given then the solution is easily compromised/circumvented. Take a few minutes to talk with people about why it is important to have proper protection. Tell them the real cost and effects of an identity theft. Tell them about the importance of accepting emails with attachments from known and trusted people. Tell them the values of buying legal copies of software rather than downloading a hacked copy from a torrents site.

It’s not about the scaring, it’s about the understanding of why it’s scary and how to stay protected and secure.

So, in answer to your question I say this, we need a cultural change and adoption of the “real” impact, effects and issues of TITSTL.

Thank you and have a great day,

~Brett A. Scudder~

Link: http://www.linkedin.com/e/gis/774617

Good day to you my fellow TITSSN members, associates, partners and friends,

Over the past few months I have been working on building up a strong initiative around the ethics, posture and etiquette of messaging and some of you have contributed greatly towards this effort through your feedback and response to my questions. I have taken this a few steps further and have built a specific group on LinkedIn geared towards the education and awareness of these messaging issues and how to address them in our personal and professional lives.

The new discussion board features of the LinkedIn network will allow us to foster the proper education, awareness and guidance needed to understand this critical form of collaboration, dissemination and networking.

I now invite you to join us in this initiative and group and help to build on it for the future of professional messaging. I look forward to having you with us.

About the Code of Honor - Advocates for the future of professional Messaging group

The group was created to address the everyday use of messaging in our personal and professional lives and how we go about using it. The proper use of messaging must be understood and effectively used with the proper sense of ethics, posture and etiquette as one never knows the life of the message and its destination(s).

How to compose a message – the posture, style, ethics and etiquette.
Is my message a reflection of me/myself?
Is messaging from your client different on a forum or social networking site – pros/cons, dos and don’ts.
Professional messaging vs. Personal messaging – where do I draw the line and what/when/how do I separate the two - pros/cons, dos and don’ts.
The use of a spell check for typos and grammatical errors – is this important and why/why not.
How to forward a message – who are the intended recipient(s), why are they being added and where should they be added CC or BCC.
Who to include when and where as CC or BCC.
What can I say and why/why not.
Are there any legal issues associated with the message once I hit the send button?
Am I held liable for the message(s) coming from my addy whether I sent them or not?
Responding to a message about a specific topic with something else, another topic – off subject responses or the start of a new issue in an old message – don’t
Mass mailings – good or bad, if/how and why/why not.
Mobile messaging ethics/etiquette – how to apply them and do they comply with your overall messaging policies.
Messaging clients – PC and mobile devices such as Windows Mobile, Blackberries, iPhones, Smartphone’s, PocketPCs, etc…
A growing problem to the messaging space – mobile messaging and text/txt messages – what are the issues and how much of an impact do they have on the overall messaging ethics.

The group is located here and is open for new members http://www.linkedin.com/e/gis/774617.

Thank you very much and have a great day. We apprecilove your business and support.

~Brett A. Scudder~
President/Chairman/Founder/Security Architect
The IT Security Suite Network
~TITSSN~

Link: http://titssn.net

Good day to you,

After a series of "challenges" (flooding, serious family emergency and the effects that took me out for a week) i’m back in the office and ready for full speed ahead. It has been very hectic dealing with the personal issues and the last flooding was enough for me to realize that I either had to move of redo my office setup. I can’t afford to lose anymore systemsor my resources so hey, I had to do what I had to and now I have a more"higher" standard in my office lol.

The family emergency hasn’t been fully resolved but isn’t as bad as it was and is in the process of being fully taken care of. For me, family comes first so hey, I had to take the week and stay focused on it and its effects. Thank God it wasn’t as life threatening as we thought but will be a long term effect at a lower level. But, the family is still strong, still focused, still together and we’ll get there slowly but surely.

As for TITSSN, we’ve got a hectic schedule ahead with some key programs and events in the works for September and October and we’re very excited about them. We have been working on some new enhancements to the network that will allow better collaboration of our entire network across all geographic regions. This has been a challenge as we’re an international organization that’s growing in more regions of the world as our message of elevating the education and awareness of The IT Security Threats Landscape is being seen and heard all over.

Sometime I wonder where these companies/people are picking up our message as i’m getting more requests for information and partnership from international entities. I guess that can only mean one things right, we’re doing something right and must continue to do so.

We have 3 new mailing lists that came online on September 1st. A separate post will be made with the details.

1 - general members list
2 - support list for those in need of security services and support. This list is for support requests only, not active ongoing issues
3 - an alert and troubleshooting list geared towards those who received alerts and applied the associated fixes and are experiencing issues with it/them.

So, get ready for a full line-up of awesome meetings, events, training and development and enhancements to the network. I guarantee you it’ll be worth it.

Unfortunately I was not able to promote our Small Medium Business IT Security Summit "SMBITSS" effectively and so we’re going to push that back later on in the year as we have to start focusing heavily on our upcoming NITSPAP and all that will be happening with that.

All road lead to our National IT Security Public Awareness Program "NITSPAP" coming up in October and you’re about to see a lot of planning and happenings around it.

Thank you for your support and we look forward to a lot more coming.

~Brett A. Scudder~

Link: http://paitsug.net

Good day to you,

Our PAITSUG monthly meeting is today starting at 6pm and will be taking a security deep dive into the new Windows Server 2008 with Mr. Brian Marranzini.

Brian Marranzini is a Network and security Technology Solutions Professional focusing on Windows Server, infrastructure and security. He joined Microsoft 8 years ago as a TAM and then spent a considerable amount of time helping customers fight almost all of the major virus outbreaks including but not limited to Code Red, Nimbda, SQL Slammer and more. He later worked on the team that developed a Securing Enterprise Platforms workshop that was taught both internally and directly to customers around the world. He has authored various articles for MCP Magazine, delivered webcasts on virus mitigation techniques, Limited user access, and the Windows XP SP2 firewall. Prior to joining Microsoft, Brian worked as a worked for and managed a team of security consultants offering security penetration testing, firewall configuration, security architecture, and core infrastructure consulting.

He will also be covering some additional topics such as:

What’s New
Virtualization Demo
Management Demo
Web Security Demo

All are invited and we ask that you help to disseminate the meeting invite and info to your peers and friends in the area who may find this of
interest.

Please register here http://www.clicktoattend.com/?id=131049

Live Meeting info here https://www.livemeeting.com/cc/microsoft/join?id=TKBHM2&role=present&pw=7PXJD3

Audio Conferencing info

Start the Office Live Meeting client, and then in the Voice & Video pane, click Join Conference. The conferencing service will call you at the number you specify. (Recommended)
Dial the conferencing service directly, and enter the participant code shown below:

- Toll-free: 1-8665006738 Participant Code: 351291

~TITSSN~