Controlled social networking

I saw a post recently on Controlled social networking for student collaboration. One of the comments lamented not having the head count to install technology to control Facebook access by students. Frankly – as a data security and compliance consultant who does a lot of work with corporates in social networking (both on the application side […]

Are you still using Excel for risk assessment?

There is a school of thought that says that you can take any complex problem and break it down like Swiss cheese. Risk assessment data collection and analysis with Excel is one of those problems that can’t be swiss-cheesed. A collection of brittle, unwieldy, two-dimensional worksheets is a really bad way of doing multi-dimensional […]

Database activity monitoring

If you deploy or are considering data security technology from Websense, Fidelis, Verdasys, Guardium, Imperva or Sentrigo – do you give a DAM? It seems that DLP (data loss prevention) vendors are moving up the food chain into DAM (database activity monitoring)? As customers deploy two products in parallel (for example Imperva and […]

What price privacy?

Dr. David Gurevich, in an interview with the Israeli business daily Globes, predicts that real-time death will be the next development in reality programming. Once the domain of science fiction and fantasy – Dr. Gurevich believes that the online death scenario is an inevitable development in the loss of privacy and wave of voyeurism […]

Economic crime vulnerabilities

The key vulnerabilities of a business to fraud and data loss are rooted in the four sins of hubris: thinking, looking, fighting and denying. Hubris is defined as excessive pride or self-confidence, starting with the thought that fraud and data theft won’t happen to you. Most firms look in the wrong direction, by focussing on external […]

The next generation of risk analysis

“What me worry – I’ve got a regulatory check list and an enterprise risk management system to manage the process”. I want to talk about under-thinking the risk analysis and over-spending on the solution. I believe that there is a fundamental flaw in enterprise risk management systems – they don’t really tell the organization something […]

Standardized screening for data security risk

Best practices for data security are still evolving – as there are no industry-standard data security metrics and a confusing array of regulatory compliance and industry standards – PCI DSS 1.2, Sarbanes-Oxley, FISMA, ISO2700x – just to name a few. Organizations (government included) currently use a combination of tactics – penetration testing, vulnerability analysis (usually […]

What is the value of a trade secret?

My guess is that the value of software patents is on the decline, taking value as the net of the economic upside of the software patent less the cost of patent development, application and enforcement. The dynamic is that the benefit from patent protection in the software industry is less than the cost of the […]

US bashing Toyota for displacing GM as #1

There is a reason why GM is in trouble and Toyota has displaced GM as the number one automobile manufacturer. Here is a piece from a colleague and friend – Todd Walzer. Todd and I worked together at Intel Fab 8 in Jerusalem in the 80’s. Working at Intel Jerusalem in the 1980’s, we were […]

DEA connections

I just saw this on the LinkedIn Global Pharma Connections group – I thought it was great… If you have a need for someone with years of experience with handling DEA issues, please don’t hesitate to contact me. It is not easy… By Carlos M. Aquino