Feedback on The Security Minute articles or comments.

Businesses are Unprepared for Family Unpreparedness

Every so often a business is impacted by a personal event that happens to one of its key people. Out of this situation key person insurance was born. This is an insurance policy taken out by a business to compensate that business for financial losses that would arise from the death or extended incapacity of the member or […]

Business Recovery, Continuity and Insight

I realize that at first glance the title of this issue risks categorizing its message as “outdated”, because the term business resilience has replaced disaster recovery (DR) and business continuity (BC) in many discussions. However, the title reflects the actual evolution that occurred, as DR was aimed at recovery after the fact, BC aimed at continuing business critical functions during the difficulties, and business […]

Lean Security Operations

Think Like an Entrepreneur, Manage Like a Businessman

This past week I had the chance to peruse the websites of a selection of global companies, all of whom were rightly proclaiming that their leading business practices made them leading companies. Several of the “About Us” web pages included terms like “managing for excellence”, “leading edge process […]

The Secret to True Security Leadership

True security leadership is very easy to do—but very hard to figure out. That’s why it is such a big secret. The word leadership calls up images in our minds of famous charismatic leaders of history. That works against us. Great individuals such as Dr. Martin Luther King, Winston Churchill or Mahatma Gandhi are few and far between, and you […]

The Security Leader’s Unfair Advantage

A security leader—whether or not he or she has a job title containing the word “security”—has an unfair advantage in comparison to other leaders in the organization. I don’t just mean the “top” security leader, I mean anyone who is in a position to lead others with regard to the organization’s security. Personally I don’t […]

Secret Weapon for Securing Security Systems!

I’m talking about physical security systems—like facility access control and video systems—which are increasingly being connected to corporate networks. These systems are notoriously not secure. Don’t take my word for it. Ask the Alliance for Enterprise Security Risk Management, whose first focus group issued a report titled “Convergent Security Risks in Physical Security Systems and IT […]

An Ounce of Prevention: Insider Threats

Last week, at the Global Security Operations 2010 event in Atlanta, then-Chief of the Counterintelligence (CI) Strategy and Domain Section, Thomas Mahlik, gave a briefing to attendees on industrial espionage, specifically about the means and methods used by hostile countries to target US technology industry companies and their people. Chief Mahlik mentioned a statistic that you have […]

The Seven-Sentence Convergence Turnaround

Last year I witnessed a very smart CSO perform a convergence turnaround at another company (not his employer) using just seven sentences. It started at a SecureWorld Expo event, during a round table discussion being run by Steve Lasky, Publisher and Editor-in-Chief of Security Technology Executive magazine. During the discussion, a security manager voiced his surprise at hearing that other security practitioners […]

Smoking is Hazardous to Facility Security Health

This is a vulnerability that most companies have. Fortunately it can be addressed fairly quickly for little or no cost, depending upon the security measures currently in place. A retired friend of mine liked to demonstrate this vulnerability to security managers and senior executives, with the CEO or other senior executive being his accomplice. (He would obtain a “get […]

Interesting Cousins: Quality and Security

For several years I have been fascinated by comparisons between Quality and Security. I have also learned a lot from them. Quality and Security first came to my attention a few years ago, when I was invited to a company’s senior executive meeting, called to figure out what to do about a major information security incident. The […]