Off-label marketing

I recently read an article by Adriane Fugh-Berman and Douglas Melnick about “Off-Label Promotion, On-Target Sales”. In the pharmaceutical industry, there are two ways to market an approved drug for a new use: the “indication” route—performing studies necessary for regulatory approval—or the “publication” strategy, which stimulates off-label prescribing by using research “to disseminate the information […]

Scientific New York Post

I recently saw a great piece of pseudo-science courtesy of Websense describing the cost of data loss and amazing ROI for the Websense Data Security solution (a friend who studied physics with me used to call this sort of writing “Scientific New York Post”). See the Websense white paper ROI of DLP. Bruce Schneier correctly notes […]

Designing a data security system

User-Driven Design versus User-Centered Design. Alan Cooper, in his book The Inmates are Running the Asylum, draws a distinction between user-centered design and user-driven design. User-driven design is about collecting, prioritizing and implementing a system to the user requirements – we’ve all seen software development projects where the requirements spiraled out of control and […]

Open source trumps closed access

The comparison between an open source collaborative recommender system and a closed access research effort is revealing – the open source project is already implementing production grade systems and the closed source research project can allow us to read their article for a fee. The Apache Mahout/Taste version 0.1 open source software project is being […]

Gaming the ratings

A common vulnerability in online ecommerce sites is fraudulent manipulation of user profiles in order to boost the ratings of products in online recommender systems and overall reputation of the web site. This article – Unsupervised Retrieval of Attack Profiles in Collaborative Recommender Systems – casts this problem as a problem of detecting anomalous structure in […]

The role of user accountability and training in data security

In this article I will show that DLP technology such as Fidelis XPS, McAfee DLP, Verdasys Digital Guardian, Websense Data Security Suite and Symantec Data Loss Prevention 9 is a necessary but not sufficient condition for effective data security. I submit that effective data security is a three-legged stool of: Monitoring – using DLP […]

Data at rest encryption

Two days in the same week to run into FCPA issues is strange. A prospect in Poland (ENEA) recently acquired Euro 6 million worth of disks from Hitachi and explained the purchase as a data loss prevention measure (Hitachi has data at rest encryption, i.e. the controller encrypts the data on the disk, which makes […]

Hip Replacement

Personally I prefer a good guitarist who can read and improvise.

Turning the tables on data theft

The State of Virginia is offering a very substantial reward for information that leads to the arrest of a malicious attacker who stole 8 million data records.

Entrapment – a solution for insider threats?

Not sweet, not a solution and not for insider threats. Roger Grimes on Infoworld is trying to promote the idea that entrapment tactics with a honeypot can be a cheap, easy, and effective warning system against the trusted insider gone bad. Of course, I don’t blame Roger for trying to game the search engines with […]