Articles by Ed Moyle

Organizations love false economies. It may not be an entirely conscious act on their part, but it's certainly the truth: Hang around any organization long enough, and you'll find at least one instance where it tries to save on doing A but winds up spending more on doing B in the process. Consider, for example, expense policies that require emplo...

It's a myth that ostriches bury their heads when they spot danger. It sounds plausible, but in reality, they're just like us: In the face of imminent danger, they either run or attack ("fight or flight"). This makes sense when you stop to think about it. After all, one thing that seems almost painfully obvious is that ignoring signs of danger i...

Over the past few decades, most IT shops have followed a somewhat similar trajectory: Starting from a centralized model (i.e., the mainframe days), computing resources, much like the cosmological Big Bang, have exploded outwards to become ever-more-distributed and decentralized. This makes sense given market dynamics. Computing platforms evolve quickly, so monolithic computing platforms that require heavy up-front investment are less efficient from a depreciation standpoint (i.e., from a MIPS per dollar per year point of view) than numerous, incremental investments in lower-powered devices. ...

Let's face it: Social engineering -- attacking an organization through deception by "tricking" internal users into sharing inappropriate levels of access -- isn't a topic that comes up very much in most IT shops. This isn't because social engineering is ineffective or because organizations aren't susceptible to it. To the contrary: Although dire...

Is it just me, or does it seem like every day there's another breach to worry about? RSA, Epsilon, Sony, now Citibank -- it seems like a day doesn't go by where there isn't another high-profile breach in the news. It seems like everyone's getting hacked, and it seems like it's happening with increasing regularity. Of course, to say that being a...

Take a moment to visualize a physician traveling home in a cab from a long day. Stuck in traffic, our hypothetical physician sees this as the perfect time to catch up on email and or to do non-care-related administrative tasks. At the end of the cab ride, he or she puts the phone down to pay the driver. Being tired -- in a moment of thoughtlessness -- the doctor accidentally walk away from the cab, leaving the phone on the seat. One more lost device. ...

Information security pros working in the healthcare sector quite often experience a high degree of frustration and anxiety when it comes to the Security Rule's "addressable" implementation specifications. As any healthcare provider will tell you, the addressable requirements of the security rule tend to be among the more difficult to meet and more technically focused of the mandates with the Security Rule. ...

If you ever have a need to burn off some excess optimism, try taking a look through some of the statistics out there about success and failure rates for enterprise IT projects -- it's pretty ugly. Although specifics of statistic and survey data vary, studies have historically suggested failure rates as high as 75 percent for technology projects. That means it's quite a bit more likely for an IT project to fail than succeed -- including projects that don't complete at all, as well as projects that have time, budget or quality "challenges." ...

Teamwork is important. We all know this to be the case whenever we do anything in a group involving other people. But arbitrary -- even directionless -- teamwork doesn't make success by itself, no matter what the motivational poster might tell you. There are different kinds of teamwork. Consider, for example, the difference between a three-legge...

Have you ever found yourself paying the penalty for a rule you didn't even know you were breaking? Like getting a ticket for speeding when you didn't realize the speed limit had changed? Or paying a work-related travel expenses out of our own pocket because you didn't realize your firm's travel policy had a restriction that you didn't know about? ...

Skills develop with practice and repetition. It's true of anything, from playing the piano to driving a car. In any endeavor, the way to get better is to practice. Attempt the activity again and again, learning from mistakes made along the way "Practice makes perfect" -- that's not a way we usually think about information security; instead, we us...

Well, it's November again. And in addition to gearing up for turkeys, pumpkin pie and football, those of us in IT know it's time to gear up for something else, something probably much less pleasant: our annual budget cycle. It's time once again for us to enter into days-long deliberation sessions deciding what and where (in some cases whom) to c...

As we should probably realize by now, not all tasks are created equal -- especially when it comes to making mistakes. For most of the things we do -- from brushing our teeth to typing an email -- making a mistake is usually relatively innocuous. Sure, we might have to clean a bit of the toothpaste off the sink or retype a word or two, but the world doesn't blow up. It's just a bit of extra hassle to recover. ...

A lot of folks have been making a big deal the past few days about Google employee David Barksdale. If you haven't caught the coverage, the fuss is centered around this one employee -- a mid-twenties "site reliability engineer" -- who (allegedly) inappropriately used his position of authority and corresponding elevated levels of access and privilege to view the private data of a number of individuals. The fact that the data included details of a few individuals who were minors -- well, that wasn't good. Anyway, this thing is turning into quite the brouhaha. ...

Imagine this situation: A coworker calls you in a panic. He's facing a fast-approaching deadline, and you are the only person who can help him succeed in getting some critical task done. This hypothetical coworker explains to you what he's working on and how it's critical to the success of the organization in some way; he's at his wits' end in trying to accomplish a portion of that task (say, downloading a critical file from an internal file server), and he's asking you in desperation to help him out. Would you help him? ...

Just a few weeks ago, Lincoln Medical and Mental Health Center learned a hard lesson. If you didn't see the news reports, the N.Y.-based healthcare provider notified over 130,000 individuals that their records -- including diagnostic information, Social Security numbers, dates of birth, and other information of use to identity thieves -- was potentially lost. ...

Did you know everyone has a blind spot? It's true. I don't mean the blind spot you get behind you when you're out on the road driving -- where you can't see a passing car in your rear-view mirror. Instead, I'm talking about something that's an aspect of human physiology: the "anatomical blind spot" (punctum caecum) -- a place inside your eye wh...

There's no shame in admitting that audits are hard. For those of us in IT, hearing the word "audit" probably brings up a groundswell of negative connotations and the corresponding aggravation and headache: We know from having lived through it that tech-heavy regulatory audits -- annual PCI assessments, HIPAA audits, ISO, etc. -- cut directly into our staff's ability to get their already-busy jobs done. ...

The No. 1 complaint that I hear from organizations when discussing IT security is that they don't have enough resources to do everything they need to. It's no mystery why: Take an ever-increasing body of regulations and laws we need to comply with, add to it demands of customers and the business, mix in risky scenarios like home users using unman...

Over the past few years, it seems like there's one technology that almost everyone is deploying: laptop encryption. All over the industry, in nearly every vertical, it seems like everybody has either just deployed, is deploying, or is about to deploy some type of encryption technology to protect laptop data. When you think about it, it really isn...