Assorted Links for April 27, 2013

  • Spend a few minutes reviewing 20 Critical Security Controls. Very interesting stuff. For example, #1 refers to having and maintaining an inventory of authorized devices/etc. Do you know all the servers running SQL and would you know if someone set up a new one?
  • Add this blog about servant leaders to your reader if you’re currently managing or thinking about it.
  • Assign a custom icon to each of your USB drives so you can easily tell which is which when it’s plugged in.
  • 20 interesting and free security tools. Use caution and common sense before you run these at the office. Not sure where to start? Learning Wireshark is a great way to see what is really going across the wire.
  • Want to learn about DLP (Data Leakage Protection)? Take a look at OpenDLP (I haven’t tried it yet). Or try Spider, an app that searches for various kinds of sensitive data. Reminder again to apply caution and common sense when trying it out.
  • You might find some interesting stuff at the Privacy Rights Clearinghouse, including a chronology of data breaches. You might also look at Data Loss DB.
  • I just ordered a copy of Translucent Databases ($4 used) by Peter Wayner.
  • I’m amused and annoyed that there is a need for a book on SQL injection (pub 2009, have not read it). Isn’t it time we solved this problem? Education is not working well enough.
  • While I’m posting security links, take a look at the Surveillance Self-Defense project. Lots of good information there on privacy and data protection.