Welcome

Skeeter Spray is a blog for the common Information Security Professional. Why Skeeter Spray? See Post #1

Tuesday, March 15, 2011

Posting Your Life on Social Networking Sites

I have always considered myself somewhat of a logical thinker when it comes to what should be posted on social networking sites.  To clarify...I have a facebook page but I haven't posted anything to it; I only created the page so that I could monitor what my kids, nieces, nephews, friends kids, etc... were doing online (I feel that is part of my responsibility as a security professional).  There has been several times that I have contacted my facebook friends and informed them of the risks of some of the information they have posted on their site. 

For example, we had some friends come and visit us recently.  I happened to be on facebook the morning they were driving to our house.  I noticed their 14 year old daughter Amy had posted they were coming to visit us and was giving an up every couple of hours on the drive.   When they arrived, I told Amy that if I needed a TV and lived in their town, I would be visiting their house because I know they were going to be gone for 4 days.

Many times I have told my own kids, that for the most part, the only people that care about the information they post on facebook is those people without the best of intentions (except for Mom and Dad of course : )

Today's Thought:  Spend a few minutes each week and monitor the online activity of those people in your life and take the opportunity to educate them about the risks of online activity.

Until next time...Skeeter

Monday, March 14, 2011

Post #1

Why Skeeter Spray?   Information Security issues, problems,  and /or incidents (whatever you call them in your company) can be like those pesky little bugs.   There are many ways to deal with them:

1.  You can fog the whole yard and know that you will kill some.   Just as you can send out mass user education and hope some of it sticks with some of the users.
2.  You can light up a cigar and use the smoke to keep them away and the heck with the 2nd hand smoke.  Much like you create a policy that addresses a problem without concern for how it affects other business processes.
3.  You can spray some deet-based repellent and effectively keep the mosquitoes from biting you; however you must re-apply in several hours.  You can create an effective information security policy; however you must review on a recurring basis to make sure it is still performing as intended and if necessary rework the policy and reapply it.
4.  You can do nothing and swat at each one.  In the security world you go from one problem to another and usually don't end up fixing any of them...maybe (if you are lucky), you apply a band-aid.
5.  Or you can go in the house and ignore the mosquitoes.   Much in the same way you can ignore the security issue and hope it goes away.  Hint---unusually it doesn't go away...it gets worse.

Take the time to teach someone something about securing their personnel information.
Skeeter