In this case study, I present you with a problem employee. You are hereby invited to help his frazzled boss either a) deal with this employee or b) show the guy the nearest exit. I solicited input from a bunch of IT bosses and management experts regarding how they’d respond, and at the end I reveal the true fate of this real-life IT worker. Check out the story at Input-Output.
In God We Trust, but Security Vendors Need to Sign the Papers
If Anonymous, LulzSec et al. can pwn security vendors, who can protect us? Here’s help on how to rate security vendors on the sitting-duck scale.
In this two-part look at how to vet security vendors, my first article—In God We Trust, but Security Vendors Need to Sign the Papers—focuses on assessing a vendor. This is done at arm’s length by simple online research as well as by holding security vendors accountable for not living up to various agreed-upon levels of service, similar to what’s being done increasingly by the industries Veracode notes.
The second article, In God We Trust, but It’s Nice to Do a Physical Walk-Through on Security Vendors, features input from Infosec professionals on what to watch for if you can conduct an on-site visit to a security vendor.