Research shows that software defects are a key factor in data theft

A recent article on Internet Evolution, written by Gideon Lenkey, quotes the SANS Institute: “application software is a major vulnerability for enterprises”. The root cause of application security vulnerabilities is bugs (usually design bugs, but often implementation defects). A research study performed in 2007 analyzed over 180 data theft events. The empirical data shows […]

The first circle

It has been a while since I blogged about music, but someone asked me today what I listen to when I need that extra boost and cheering up, and the answer was Pat Metheny – “The first circle”. There is something about Pat Metheny that appeals to people of all different backgrounds and […]

Selling data security

Big projects are easier to manage than little ones. In the 80s, I worked at EDP, a VAX/VMS software house. We were doing a project for Yellow Pages in Israel and I was introduced to Boaz Dotan – who had just started what was later to become Amdocs, the Israeli software and services giant. Boaz […]

Third party verification of verbal agreements

My lawyer once told me that I should be careful with verbal commitments, since a verbal commitment can often be construed as a binding agreement. The question is how to verify the verbal agreement and enforce non-repudiation. There are many cases in life where you want to be able to verify a verbal commitment using […]

Ten common data security mistakes

Five years ago, in October 2004, I wrote a piece on the top ten mistakes companies make in their data security policy and implementation (see the full article – 10 common data security mistakes). I took a few minutes today to update the article in the course of preparing for our next online data security […]

Charged for stealing 130 million credit card numbers

A Miami man has been charged with the largest data theft ever. Less than 5 years ago, the main modus operandi for stealing identity information was dumpster diving. If you shredded your statements, you were safe. However, today it’s much more effective to steal the data directly from large retailer databases. Once you’re in […]

Multi-factor authentication for home banking

For fear of becoming the next victim of identity theft, 150 million U.S. consumers don’t bank online, according to experts. But the banking industry could improve profitability by as much as $8.3 billion per year if banks build consumers’ confidence in online security, according to the TriCipher Consumer Online Banking Study, conducted by Javelin Strategy […]

Trusted insider threats, fact and fiction

Richard Stiennon is a well known and respected IT analyst; he has a blog called IT Harvest. A recent post had to do with Trusted insider threats. Despite the length of the article, I believe that the article has a number of fundamental flaws: overestimating the value of identity and access management in mitigating trusted […]

The problem of security information sharing

In a previous post, Sharing security information, I suggested that fragmentation of knowledge is a root cause of security breaches. I was thinking about the problem of sharing data loss information this past week and I realized that we are saturated with solutions, technologies, policies, security frameworks and security standards – COBIT, ISO27001 etc. The […]

Who is the key person in your security organization

In the late 80s I was a hyperactive programmer at a small VAX/VMS software house. We were a group of 5 programmers – we had some nice accounts, like Intel, National Semiconductor, Hadassah Hospital and Amdocs, but I always felt intimidated by the big IT integrators. One day – my DEC account manager told […]