The Dreaded Call Daniel Seward awoke to his cell phone vibrating on his nightstand. Groggily he rolled over and looked at the phone. It was just after 5am and he didn’t recognize the 800 number, but angrily answered it ready to give the telemarketer a piece of his mind. “Do you realize what time it is?” “Mr. Seward, this is Ross Spears with the fraud prevention unit of Haneysville National Bank. We have detected activity within your account that we suspect may be fraudulent. Did you attempt a wire transfer of $73,500 to an account at 6:15am on Tuesday?” Immediately, Daniel sat up in bed, his heart racing. “No, I did not. Who was the wire made to?” “We cannot[…]

What is the bare minimum amount of work that can be done that can be considered making a system more secure? What items must all individuals, all organizations, and all systems address in order to improve security? I often tell people that security is not one-size-fits-all, but what is the one-size-fits-most equivalent? What is the 20% of minimum viable security implementation that will address 80% of vulnerabilities? In 2006, NIST released special publication 800-69, Guidance for Securing Microsoft Windows XP Home Edition, a series of recommendations on how individuals could secure their home computers. Weighing in at 175 pages, it was not for the faint of heart. If you stick with it until Appendix A, you’ll find this interesting quote: Appendix A contains step-by-step instructions for implementing the[…]