Is PCI DSS a failure?

A recent Ponemon survey found 71% of companies don’t consider PCI as strategic though 79% had experienced a breach. Are these companies assuming that a data security breach is cheaper than the security? How should we understand the Ponemon survey? Is PCI DSS a failure in the eyes of US companies? Let’s put aside the technical […]

Multi-factor authentication for home banking

For fear of becomming(sic) the next victim of identity theft, 150 million U.S. consumers don’t bank online, according to experts. But the banking industry could improve profitability by as much as $8.3 billion per year if banks build consumers’ confidence in online security, according to the TriCipher Consumer Online Banking Study, conducted by Javelin Strategy […]

Trusted insider threats, fact and fiction

Richard Stiennon is a well-known and respected IT analyst – he has a blog called IT Harvest. A recent post had to do with Trusted insider threats. Despite the length of the article, I believe that the article has a number of fundamental flaws: Overestimating the value of identity and access management in mitigating trusted […]

Sharing security information

I think fragmentation of knowledge is a root cause of data breaches. It’s almost a cliche to say that the security and compliance industry has done a poor job in preventing data breaches of over 245 million personal records in the past 5 years. It is apparent that government regulation is ineffective in preventing identity […]

Detecting structured data loss

Loss of large numbers of credit cards is no longer news – DLP (data loss prevention) technologies are an excellent way of obtaining real-time monitoring capability without changing your network and enterprise applications systems. Typically when companies are considering a DLP (data loss prevention) solution – they start by looking at the offerings […]

Value based decisions

If you read Robert Heinlein you know TANSTAAFL – “There ain’t no such thing as a free lunch”. In the PC world of 2010 we say stuff like “there is a need for value based decisions in health care”. Over 20 patients a day die in the UK from the superbug infections MRSA and C. difficile. […]

Drug counterfeiting, hype or health?

Counterfeiting is a hot issue not only because it hits vendors in the pocket but because of the public health/safety implications. Product counterfeiting ranges from fashion, such as Dolce & Gabbana handbags, and high-performance bike frames, such as Specialized Bikes, to faking innovative drugs such as Viagra. The Israeli online business daily “The Marker” recently […]

Simplicity and technical superiority

In today’s environment of financial crisis, the tradeoff managers usually make is coverage against cost. IT and corporate management are more concerned with reducing outsourcing costs and cutting back on professional services instead of achieving and sustaining technical excellence in security and compliance. Technical superiority in IT security will not enlarge your market share or […]

N Digital TV data breach in Poland

Polish digital TV broadcaster N (owned by ITI Neovision) has disclosed a breach of customer data records – after PII was discovered accidentally on the Net by a subscriber via a search engine. The partner who manages our offices in Warsaw (the team specializes in high end data security consulting and DLP projects in Central […]

Exploiting a wireless mesh network for utilities

I think it’s only a matter of time before someone exploits a wireless mesh network that controls and reads home utility meters to get free water and electricity. Until then, there is a problem of range and coverage. Greentech Media reports that Trilliant (a smart meter neighborhood networking startup) has bought SkyPilot for its […]