Content protection and plagiarism
Most people tend to view content protection as a recording industry or corporate espionage issue. We have forgotten that people who plagiarize original content are also violating content security – someone else’s security in this case. My colleague Anthony Freed (who runs Information Security Resources) recently got an email from computer scientist and mathematician, Aaron Krowne. Aaron got […]
Data discovery and DLP
A number of DLP vendors like Symantec and Websense have been touting the advantages of data discovery – data at rest and data in motion. Discovery of data in motion is an important part of continuous improvement of data security policies. However – there are downsides to data discovery. Discovery is a form of voyeurism […]
Do you have a business need for DLP?
To be able to do something before it exists, sense before it becomes active, and see before it sprouts. The Book of Balance and Harmony (Chung-ho chi). A medieval Taoist book Will security vendors, large to small (Symantec, Mcafee, nexTier, ANBsys and others..) succeed in restoring balance and harmony to their customers by relabeling their product suites as unified content […]
Business unit strategy for data security
At a recent seminar on information security management, I heard that FUD (fear, uncertainty and doubt) is dead, that ROI is dead and that the insurance model is dead. Information security needs to give business value. Hmm. This sounds like a terrific idea, but the lecturer was unable to provide a concrete example similar to […]
How can we convince our VP that a network-based DLP makes sense?
My colleague, Michel Godet – sent me a link to an article that Mike Rothman recently wrote. Michel (rightly) thinks that it supports the approach that we have been pushing in Europe for over a year now, to justify data security technology investments by using Value at Risk calculations. Mike’s article – building a business […]
Data security and compliance – Best practices
Compliance is about enforcing business process – for example, PCI DSS is about getting the transaction authorized without getting the data stolen. SOX is about sufficiency of internal controls for financial reporting and HIPAA is about being able to disclose PHI to patients without leaks to unauthorized parties. So where and how does DLP fit into the compliance […]
Building a business case for DLP
At a meeting with one of our clients last week – the question of business case for data loss prevention came up quite strongly. It started with the client saying that they were hearing that while vendors like Symantec and Websense were getting a lot of customers to buy their DLP products – many […]
How to valuate information assets
A client recently asked: How do I assign a dollar value to an assets?…should I use the purchase value of the asset, replacement value or expected damage to the company if the asset were stolen or exploited? Estimating asset value is without doubt the most frequent question we get when it comes to calculating data […]
Is social media crap for business?
A recent post by Kevin Conway on LinkedIn drew over 500 responses to his somewhat dramatic statement that Social Media for Business is CRAP – Maybe because my feeling for the hyped-up benefits of social media was recently confirmed by a top millionaire online guru. If you follow the most successful gurus his name is […]
Sears using spyware for sales
No secret that Walmart is hurting many older retail chains such as Kmart and Sears. Both latter companies are struggling to stay afloat, trimming the fat by closing locations and restructuring current stores to look refreshed and up to speed with America’s #1 retail giant. But now Sears and Kmart has come under fire for […]
