See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Security Minded - from Kai the Security Guy
Some thoughts on security (and other stuff) from a Microsoft security professional
Online Child Safety
Small Business Security
The Security Show
Browse by Tags
Security Minded - from Kai the Security Guy
Dripping Data: Understanding and Reducing Insider Threat (Part VII) - Moving Data Out of Your Organization
Well, if you've been following along...we talked about who the insiders are and the metrics behind economic espionage. We've discussed why they do it and how they get the data. But I know this probably hasn't been very technical for most of you. Today that is going to change. Today we're going to talk...
17 Nov 2007
Where's Kai? RSA Conference 2008!!
Well...if you're an IT Security Professional, you owe it to yourself to make the journey to the annual RSA Conference at least once in your life. It's the world's biggest security conference and many a great new announcement is made here. This year, it's my turn! They have some awesome speakers here...
7 Apr 2008
The Security Show: Episode Two – Stopping James Bond (Part II)
In this part, we get some good advice from the FBI on how to have that talk with your executives who like to travel out of the country and don’t really understand the risk that they assume when they carry that laptop, cell phone, or other electronic device with them. Good stuff!
20 Aug 2008
Dripping Data: Understanding and Reducing Insider Threat (Part V)
I've done a lot of work in the past few weeks trying to get you to truly understand the person we've dubbed "The Insider". We've discussed who they are, and why they do what they do. Today I'm going to be looking at exactly what it is these insiders are trying to take. What are the targets? Intellectual...
5 Nov 2007
Dripping Data: Understanding and Reducing Insider Threat (Part VI) - Social Engineering
If you've been with us the past few months, we've been talking about the who and why of economic espionage/insider threat. Starting today....we're about to make all you wannabe James Bonds out there understand the how. A New Degree in Engineering Still one of the hottest attacks around is one that you...
13 Nov 2007
Economic Espionage: Mitigating the Risk Using Non-Technical Methods
So yesterday I talked about the real risk that economic/corporate espionage is causing. It's huge!! This topic always ranks in the Top 3 whenever I ask the CSO "What is the biggest security risk you currently have?" Let's face it....every business has something that you consider to be unique. Something...
12 Apr 2007
Toronto: EnergizeIt: Get Your Geek On!
This past Saturday I was in Toronto to speak at their annual EnergizeIT event. Let me tell you something: These Canadians know how to throw an event! They had the audience of 1,400+ cheering and screaming during the opening keynote! I've done plenty of events and this was by far one of the best I've...
19 Jun 2007
Dripping Data: Understanding and Reducing Insider Threat (Part IX) - Oldies, but Goodies
Well....I received an absolutely unexpected and pleasure of an email from one of the excellent speakers over at the The Centre for Counterintelligence and Security Studies about my blog posts! I'm not sure they were reading or simply scanning for references to their website, but hey...I'm not picky!...
18 Jan 2008
Happy and Secure New Year!
I have returned! As many of you are aware, I travel extensively for my job and I was literally on the road for almost 10 straight weeks the latter part of 2007. Los Angeles. New York. Buenos Aires (x2). London. Redmond. Mexico City. Washington D.C. Toronto. I was more than excited to get to my vacation...
7 Jan 2008
Dripping Data: Understanding and Reducing Insider Threat (Part VIII) - Phone Home + The Power of the PMP!
" Hey IT Guy , c heck out my cool phone! I can use it as a modem for my laptop! " Ever heard that from one of those end users? I'm sure you have. Sounds much better than " Check out my cool wireless bridge I've been using to exfil sensitive data out of our company! " No matter if you've got the latest...
6 Dec 2007
The Security Show: Episode Two – Stopping James Bond (Part I)
I got it to work! I had some issues with the video playback in Silverlight after it came out of post-production in Sony Vegas. I really wish there was an easy way for Expressions Encoder to sort of “save your profile” so you wouldn’t have to go and tweak settings each and every time. Pretty much a hassle...
20 Aug 2008
The Security Show: Episode Two – Stopping James Bond (Part III)
I hope this is waking some folks up with regards to the huge issue that insider threat poses within your own company. We discuss some of the common characteristics that these people show and how we identify them. What are some of the triggers that make these folks turn against you? What are the warning...
21 Aug 2008
Tech-Ed 2007: Here we go!!
Well, it's very late here in Orlando, and like a good speaker I'm still tweaking and adjusting my slides with recent data and working on my demos. I know, I know.... Steve Riley and I are on the same team, and are both going to be speaking at Tech-Ed 2007 this year....but Steve is pretty much has a ...
3 Jun 2007
Economic Espionage: Mitigating with Technical Methods
So we're all technical folks...and we all like to use technical solutions to fix problems. I'm tellin ya, without the proper non-technical controls I mentioned earlier....you're dead in the water. Can't have bacon without eggs and peanut butter without jelly. It's just incomplete. I'm telling you now...
13 Apr 2007
Dripping Data: Understanding and Reducing Insider Threat
This is currently an area I've been focusing on for the past month or so. I've been doing a lot of reading, fact finding, research, etc. around the topic of data leakage that occurs when users are essentially stealing data from within your business. This ties into economic espionage, which is another...
18 Sep 2007
The Security Show: Episode Two – Stopping James Bond (Part IV)
This is the last of Episode Two and I hope everyone has been enjoying this interesting session with the FBI. In this final session, we wrapup and get a few comments from the audience. Good stuff. Next time, I’ll be posting Episode 3 titled “Gate, Guards, and Guns” where we’ll spend some time talking...
22 Aug 2008
The FBI Celebrates it’s 100th Anniversary!
I had the distinct honor this week, of attending the Bureau’s 100th Anniversary celebration event here at the Dallas FBI Field Office . (I’m the one that’s not blurry in the picture on the left) The event itself was very well done and the speeches by both Special Agent in Charge Casey and by Sen. Kay...
23 Jul 2008
Well, I'm back from vacation to England. Very cool, but let's get back to what this blog is about: Security . So you got data leaving the business without permission? We all love to think the firewalls are being penterated by the 16-year old in the black Metallica "Ride the Lightning" concert shirt....
10 Apr 2007
Big Bang Machine Hacked!
Well, apparently no one planned any information security with the super collider. I love the quote from this guy who is obviously not a security guy “ We don’t know who they were but there seems to be no harm done. ” Right. No harm done. We’re sorta sure. Time to buy a tin-foil hat.
15 Sep 2008
Dripping Data: Understanding and Reducing Insider Threat (Part II)
In the last post, I touched upon the reasons that Insider Threat is often ignore by corporations and businesses (yes.....this probably means you.) I also discussed the reasons why this threat is of much greater than concern than some 17-year old kid in some remote former Eastern Bloc country, hacking...
29 Sep 2007
RSA 2008 - Day 2: Windows vs. Linux, PLUS Insider Threat Experts, and The Parties
Day 2. I'm a but wore out since I was up into the wee hours trying to get my new video blogging mess figured out. The process that I thought would be (encoding and uploading).....wasn't. But the part that I thought would be easy (quality of the HD stream).....was. Still trying to work out exactly why...
10 Apr 2008
Ever Feel Like the Dumbest Guy In the Building at a Security Event?
As you probably already know, my full time job is to travel around the world speaking to execs and IT Pros about the world of information security. Recently, I was invited to speak at the North Carolina Technology Association's Five Pillars of Executive Leadership in a Non-Secure World Conference in...
14 Feb 2007
Dripping Data: Understanding and Reducing Insider Threat (Part III)
Today I'm going to discuss exactly who the these "insiders" are. As I mentioned earlier, the book " Insider Threat: Protecting the Enterprise from Sabotage, Spying and Theft " by Eric Cole and Sandra Ring has some terrific analysis and classification. Here's the breakdown: "We Love Bob!" " Hey everyone...
4 Oct 2007
You know you've made it when you land on the Canadian IT Pro User Blog . I just returned from a whirlwind tour of Western Canada where I hit 4 cities in 4 days (Calgary, Edmonton, Vancouver, and Victoria) and then had less than 20 hours at home before my next international adventure. I had a great time...
4 Oct 2007
Economic Espionage: A Real Threat
Another semester in the bag. I finished my last Information Assurance course in graduate school this past week. The class was on Trusted Systems and we spent a lot of time discussing the Common Criteria, the ratings, mandatory vs discretionary access controls, and we even created a Protection Profile...
10 Apr 2007
© 2015 Microsoft Corporation.
Privacy & Cookies