Will smart phones replace credit cards?
A recent post “Can smartphones replace credit cards” wonders whether or not consumers are ready to trade in their plastic for their cell-phone. Mobile payment technology has been around for about 10 years and it has not really taken off in a big way – although there are niche applications. In Tel Aviv for example, […]
Windows USB vulnerabilities reign supreme
In an article to be published Wednesday August 26, 2010 discussing the Pentagon’s cyberstrategy, Deputy Defense Secretary William J. Lynn III says malicious code placed on a removable drive by a foreign intelligence agency in 2008 uploaded itself onto a network run by the U.S. military’s Central Command – source: Washington Post “That code spread […]
Private social networking for healthcare
I think we’re rapidly approaching a point in time where people will pay for privacy. I know that after a super-hot month of August with the house full of kids chain-watching Ratatouille, I would pay someone for some privacy. The privacy controls that governments are attempting to impose on social media and the technical safeguards that […]
More nonsense with numbers
Now it’s some lazy journalist at Information Week aiding and abetting the pseudo-statistics of of the Ponemon Institute – screaming headlines of the cost of data breaches of PHI – protected healthcare information According to Information Week; Analysis: Healthcare Breach Costs May Reach $800 Million Since the Health Information Technology for Economic and Clinical Health […]
Data security breaches can wreak havoc on people’s lives
Aug 7, 2010 WASHINGTON, D.D.—U.S. Senators Mark Pryor (D-AR) and John D. (Jay) Rockefeller IV (D-WV) today introduced legislation to require businesses and nonprofit organizations that store consumers’ personal information to put in place strong security features to safeguard sensitive data, alert consumers when this data has been breached, and provide affected individuals with the […]
Data security in the cloud
It seems that with amorphous and rapidly evolving trend of storing data in cloud providers and social media like Twitter and Facebook, that social media and cloud computing is the next frontier of data security breaches. And – here, we have not even solved the problem of trusted insiders. The letter of the law is […]
Database activity monitoring
If you deploy or are considering data security technology from Websense, Fidelis, Verdasys , Guardium, Imperva or Sentrigo – do you give a DAM ? It seems that DLP (data loss prevention) vendors are moving up the food chain into DAM (database activity monitoring)? As customers deploy two products in parallel (for example Imperva and […]
Economic crime vulnerabilities
The key vulnerabilities of a business to fraud and data loss are rooted in the four sins of hubris: thinking, looking, fighting and denying. Hubris is defined as excessive pride or self-confidence, starting with the thought that fraud and data theft won’t happen to you. Most firms look in the wrong direction, by focussing on external […]
The next generation of risk analysis
“What me worry – I’ve got a regulatory check list and an enterprise risk management system to manage the process”. I want to talk about under-thinking the risk analysis and over-spending on the solution. I believe that there is a fundamental flaw in enterprise risk management systems – they don’t really tell the organization something […]
Standardized screening for data security risk
Best practices for data security are still evolving – as there are no industry-standard data security metrics and a confusing array of regulatory compliance and industry standards – PCI DSS 1.2, Sarbanes-Oxley, FISMA, ISO2700x – just to name a few. Organizations (government included) currently use a combination of tactics – penetration testing, vulnerability analysis (usually […]
