Archive for March, 2009



11 Mar 09

Whitley’s Eskimo Campaign

I just received a creative postcard in the mail – I thought I’d share it with those of you who are out selling.  Bill Whitley, a good friend and colleague, sent me a card picturing an Eskimo with the frequently seen red circle and slash – NO ICE FOR ESKIMOS…it’s part of his campaign to steer salespeople away from selling clients things they don’t need.  He says in his note, “I would much rather do the best possible discovery, understand my customer’s needs, and create a solution that they want to buy and will benefit from for years to come (and will thank me for).”  Well said, Bill.  You can reach Bill for more sales insights at www.billwhitley.com.

09 Mar 09

Data@Risk – Coming Soon!


Here’s a quick update on my latest book, Data@Risk, Building an Asset Mindset Towards Securing Your Data.  I’m now working on some artwork and a cover to keep things interesting.  All chapters are now complete and we’re closing in on some final edits.  I hope to be printing toward month end.

Also, if you haven’t been to my Podcast site recently, Part II of my Cybercrime series has now been posted.  Be sure to join those who are already signed up to see how you can leverage the latest happenings to grow your business. http://dstelzl.podbean.com/

06 Mar 09

Are You PCI Aware?

This week the PCI Council posted updates on implementing PCI compliance.  As a solution provider you should be aware of the 12 areas for PCI DSS compliance and the council’s recommended approach.  As you review this, remember that Heartland was compliant, yet vulnerable.  PCI compliance does not mean a company is secure.  In fact, you’ll notice that the end-node security requirements don’t necessarily stop computers from being part of P2P networks (note: we’re not saying it would be in compliance, but taking these steps won’t prevent it).  As a salesperson selling high-tech solutions, you should know the 12 points if you call on anyone taking credit cards.  The first PDF link on the PCI Council site explains the 12 steps; the Excel sheet then elaborates on the recommended process.

https://www.pcisecuritystandards.org/education/prioritized.shtml

03 Mar 09

Obama’s Helicopter Breach

Sitting here in the San Jose airport reviewing comments from yesterday’s workshop – one of the security issues we covered was leakage through P2P networks, a topic I’ve mentioned before on this blog.  Here’s the proof: Obama’s helicopter, Marine One.  Here’s what was out there in plain sight:

“In addition to the blueprints and avionics package information, the breached data included costs for building and maintaining the helicopter used by the White House to ferry the president to Andrews Air Force Base, Camp David in the Maryland Mountains and other locations around Washington, D.C.” – reported by Channel Insider, an online tech bulletin.

How does this happen?  Referring back to my previous post on P2P Peril – this is common.  This data was likely on a system that was either used by family members or used by the employee for personal activities, including music and video file sharing on a P2P network.  Once a system is connected to this public forum, it is exposed to information aggregators that hackers set up to search for sensitive information, including government and financial data.  That data is then copied to a central aggregation server that can be accessed by those who know of its existence.  This was discovered by using a third party service that sets up its own search engines, looking for confidential data, in an effort to notify the owner (a paid service that government and large corporations subscribe to).  What happens from here?  The data is out there – whatever it is.  It can’t be erased or recovered.  The employee may be terminated or sent to “special projects”; meanwhile, other users will be cautioned not to let this happen again.  Chances are the user of this system had no idea this was happening, and neither will his colleagues, until it happens to them.  The real problem belongs to the asset owners and national security – i.e. our personal safety.

You can read more at: http://www.channelinsider.com/c/a/Security/Data-on-Presidents-Helicopter-Breached/?kc=CITCIEMNL03032009STR2

03 Mar 09

The Power of Telepresence

Today we broadcast our first nationwide Making Money with Security™ class over telepresence, thanks to Cisco sponsorship and to those who attended this one-day session from cities including NY, Madison, Dallas, RTP, and San Jose.  While getting the logistics together for such an event was somewhat challenging (such as scheduling a lunch break across four time zones and figuring out start and stop times), the class was well attended and effective.  If you’ve not had the chance to attend a telepresence meeting, I highly recommend it over video conference or WebEx.  It’s almost like being there.  The benefit – we avoided flying people from all parts of the country, a huge cost savings for those who attended.



