Blog Articles

Doing business comes down to one simple question: how much money are you willing to lose in an attempt to make even more money? In other words, how much risk can you stomach? A good information security professional must understand this principle. They must also be willing to exercise flexibility in their personal opinions and help business leaders understand risk.

An information security professional must understand their role in the organization. If they understand it and operate within it, they can be a very useful resource. If they don't, they become a huge liability. Security pros must understand that business decisions must be made by business leaders. Our role is to help business leaders understand risk and learn how to mitigate it. The security professional's job is not to make the ultimate decision. That's the role of a business leader and one I'll talk more about in another post.

Read more: The True Role of an Information Security Professional

Hello everyone, we have some exciting news: we now have an office in Kansas City! (See the news release below.)

Integrity is pleased to announce the addition of a new office in the Kansas City metropolitan area. Located in the Corporate Woods office park in Overland Park, Integrity's new office will enhance the company's presence in the Kansas City area and provide better service coverage for clients in Kansas and Missouri.

As one of the premier information security, IT risk management and compliance consulting firms in the Midwest, Integrity views the Kansas City area as vital to our long-term success, and the addition of an office in the area shows the company's commitment to growing its client base in Kansas and Missouri.

One question I get asked repeatedly as a consultant is "What makes your company different?" One of my answers is our approach to information security. Everything we do is based on managing the risk that comes from the use of technology. It's sad to say, but even today many security professionals still operate with the FUD (Fear, Uncertainty & Doubt) factor. At Integrity we pride ourselves on helping organizations deal with the real risk of using information technology to further their business.

Business is all about taking risk. The idea is to do something that carries enough risk to keep competitors out, but where one can manipulate the variables enough to have a high probability of making a profit. In today's world, one of the big variables is technology. How it's utilized in the sales, marketing, design, manufacturing and other stages of a business venture can impact the probability of success.

Read more: Information Security or Risk Management

It seems the announcement by Google of a new privacy policy and corporate direction is creating a lot of buzz. Honestly, if you didn't see this coming, you must not be paying attention to the world around you.

Read more: Google's New Privacy Policy

Are you a college student majoring in Computer Engineering (CE), Computer Science (CS), Computer Information Systems (CIS), Management Information Systems (MIS), Network Engineering or another computer-related field? Have you taken any classes yet where IT risk management, information security, privacy or regulatory compliance has been the focus? Do you know what SOX, HIPAA, PCI and FISMA are?

If not, you need to. Large portions of your first job out of college could be spent on issues such as writing secure code, designing a network to meet regulatory compliance, implementing two-factor authentication and other security-related duties. Do you feel prepared for this?

I just did some very quick and informal research on undergrad programs in Computer Science at large public research universities across the country. Shockingly, only one had an information security course in its core requirements. Even then it was one of three courses in a "pick 2" category, so it wasn't required for graduation.

If you are a college student and you haven't spent at least half a semester dealing with information security and privacy principles, you are ill prepared to face the challenges that will come at you full throttle after graduation. Use one of your electives to get these necessary skills and have a leg up when you go to interview for that first job. If your school doesn't offer any courses on information security, then email me. I'll be happy to mentor you and help you find some high-quality (and in most cases free) resources.

The 2012 defense funding bill includes provisions for the Secretary of Defense to initiate offensive cyber-attacks at the direction of the President. Quite frankly, I commend this public endorsement. If you think it hasn't already happened, you're living under a pretty dark rock. Anything that gives us an advantage over our enemies who have publicly stated their desire to destroy America and its way of life is welcome. Anything that helps keep our soldiers, airmen and sailors out of harm's way a little longer is great too.

The one thing we must not ignore, though, is that a cyber-attack carried out by the U.S. against one of our adversaries may result in a response most Americans won't be prepared for. Typically the rules of engagement for U.S. troops call for an equal and proportionate response. In other words, you don't answer small arms fire with a nuke. We are used to this from our enemies as well. However, if our adversaries cannot carry out sophisticated cyber-attacks in response to our cyber initiatives, their only recourse is a traditional military response.

We live in the dawn of a new age.  The military has used information warfare for decades.  Big companies battle with it as well.  The front lines are expanding daily.  Are we ready?  I certainly hope so.

Yesterday at the ISSA chapter meeting here in Des Moines we began with a discussion of mobile devices and how organizations are developing policies around the use of personal devices for work purposes. As expected, the policies ranged from "only company devices are allowed, and only for limited functions" to "any device is allowed for anything it can access." We quickly moved into discussions on the impact that newer generations of workers, social media, regulations such as HIPAA, and mobile devices have on how we approach data security.

One member commented that a new CISO brought into their organization a few years ago had made a big difference. This executive had the ability to articulate risk to the other executives in a fashion they understood. They now have more money to fix issues than they've ever had in the past. For this organization, pitching the security needs in terms of risk and quality improvement made all the difference. I've been espousing this philosophy for years and can attest to its impact. If you can't articulate the need in a way that ties into the business objectives, you're simply rambling. Help executives see how security and IT risk management goals tie into the larger organizational goals, and you'll find the path is often paved before your very eyes.

If you're in the Des Moines area and interested in information security, IT risk management and compliance, I'd encourage you to check out the Information Systems Security Association (ISSA) chapter meetings. We meet monthly in West Des Moines, IA and will be adding web conferencing in the near future for those of you in other areas of the state. Feel free to contact me or check out the chapter website (http://www.issa-desmoines.org) for more details.