Single Sign-On

There are two kinds of organizations. Those that manage their single sign-on (SSO) system, and those that let their users manage their SSO. The other day I was in a discussion with a number of security leaders about how important identity management is to your security strategy. Obviously, everyone agreed that identity is very important. After all, if you don’t have a strong identity strategy pretty much no other component of your strategy will be strong. There is a reason that the first function of the NIST CSF is Identity.  However, the discussion then turned to SSO and whether it didn’t constitute putting all your eggs in one basket, and whether doing so is a good idea. Yes. SSO does constitute putting all your eggs in one basket. But, that is a good  thing. Why? Because you, as a security leader control  that basket. You know where it is. You know how it is configured. You have already required strong multi-factor authentication (MFA) on it. (You have right? If not, stop reading th

Electric Car Charger Basics

Congratulations on your electric car purchase, or at least thinking about it. The first thing you need to learn about driving electric is that your car is nearly always going to be fully charged when you go to use it, because you will plug it in as soon as you get home. Unlike a car with an internal combustion engine (ICE), where the first thing you do is check how much fuel you have, with an electric car, you just go, because it is nearly always fully charged! The second thing will learn is that you don’t need to fully charge the car. You just need to charge it enough to get to where you can charge it next. This is very different from an ICE vehicle where you nearly always fill it up. Because you can plug in almost anywhere (there are 800,000 charging stations in the US for instance) you don’t really ever worry about it after the first two weeks of driving electric. Charging Standards The great thing about standards is there are many to choose from. Electric car charging is no differe

The Busy Executive's Guide to Personal Information Security, Part 2 of ?

  It was, of course, bound to happen. As soon as I published the   The Busy Executive’s Guide to Personal Information Security   the first person I showed it to said “but what about...”. Of course, there are a lot more things you should very seriously consider. The two that came up in that discussion are covered here. If you have additional tips that I hadn’t thought of, or questions about other steps, let me know. Freeze Your Credit Reports Most countries have some form of credit rating system. In the U.S. we have three credit bureaus with a not-altogether stellar record of keeping your information secure, nor a particularly inspiring track record of keeping bad guys from using it. If you want to change how they protect it, you need to begin by finding someone to vote for on November 3, 2020 who cares about such things. I’ve not heard anyone really pay much attention to it though, but you should definitely vote anyway.  However, if you want to control how the information is  used  you

The Busy Executive’s Guide to Personal Information Security

Congratulations. As an executive you are the favorite target of ne’er-do-wells across the world. They will spoof email messages to staff and business partners in your name. They will try to hack your corporate account, your bank account, your email account, and your phone. In addition to hundreds of messages per week from semi-legitimate vendors who want to sell you their most recent search engine optimization snake-oil you will also get a variety of Word documents, PDF files, and PowerPoint presentations, most of which are laden with malware. If this sounds depressing, it is. It is the world of Information Security. There are ways to protect yourself, however. This document will tell you the most important things you can do. 1. Patch Your Stuff! The first thing you need to do is to patch. Software and hardware vendors provide regular security updates to fix security bugs. Or, rather, the reputable ones do. The first step is to use devices and software that provide timely and reliable