Secure collaboration, agile collaboration
One of the biggest challenges in global multi-center clinical trials (after enrollment of patients) is collaboration between multi-center clinical trial teams: CRAs, investigators, regulatory, marketing, manufacturing, market research, data managers, statisticians and site administrators. In a complex global environment, pharma do not have control of computer platforms that local sites use – yet there is […]
The top 2 responses to data security threats
How does your company mitigate the risk of data security threats? Is your company management adopting a policy of “It’s other peoples money”? In a recent thread on LinkedIn – Jody Keyser shared some quotes from David Vose’s book on risk, reliability and computerized risk modeling: Risk Analysis a quantitative guide. The responses to correctly identified […]
The 4 questions
One of the famous canons in the Jewish Passover “seder” ritual is 4 questions from 4 sons – the son who is wise, the son who is wicked, the son who is innocent and the son who doesn’t know enough to ask. I sometimes have this feeling of Deja vu when considering data security technology […]
Choosing endpoint DLP agents
There is a lot to be said for preventing data loss at the point of use but if you are considering endpoint DLP (data loss prevention), I recommend against buying and deploying an integrated DLP/Anti-virus end-point security agent. This is for 4 reasons: Bloatware/system resource consumption – if you’re concerned with anti-virus system resource usage, […]
DLP psychology or DLP technology?
Thoughts of change in the way IT and security will operate – In many corners of the corporate HQ, in fact, there are plenty of execs who, from time to time, would probably take pleasure in watching IT fail, a la Lehman Brothers. …Why the new normal could kill IT..from my colleague – Michel Godet I believe […]
Exploiting Apache DoS vulnerabilities
Apache is the world’ most popular Web server for Linux and Windows platforms, and with such a large attack surface, it’s no surprise that attackers are looking to exploit Apache software vulnerabilities. The approach used by XerXeS is somewhat novel in that it is based on a DoS (not DDos) attack and apparentlyrequires relatively modest computing […]
The effectiveness of access controls
With all due respect to Varonis and access controls in general (Just the area of Sharepoint is a fertile market for data security), the problem of internally-launched attacks is that they are all done by the “right” people and / or by software agents who have the “right” access rights. There are 3 general classes […]
Cultural factors in DLP
What is interesting and generally overlooked – is the cultural differences between the US and the rest of the world. The Europeans prefer a more nuanced approach stressing discipline and procedures,The Americans are compliance driven and IT top heavy, I imagine if you look at DLP sales – 98% are in the US, being (right or […]
Facebook disclosure cancels raid on terrorists
I want to challenge the effectiveness of top-down, monolithic security frameworks (ISO 27001/PCI DSS) – I submit that rapidly changing threats – social networking, cyberstalking, social engineering, cyber-stalking and custom spyware are threats that exploit people and system vulnerabilities but are not readily mitigated by a top down set of security countermeasures. The recent case […]
Learning about change and changing your security
Reading through the trade press, DLP vendor marketing collateral and various forums on information security, the conventional wisdom is that the key threat to an organization is trusted insiders. This is arguable – since it depends on your organization, the size of the business and type of operation. However – This is certainly true […]
