Two innovative ways to protect your data
It’s a slow news day and I am down to looking for really bizarre ideas for protecting data from trusted insider threats. No. 1 – Get a lot of data in one place but make it totally unsearchable. This is what happened to Usenet – Google’s Abandoned Library of 700 Million Titles. Google bought Deja.com […]
Data loss prevention conference: DLP-Expert Russia
On Friday, October 2, 2009, I gave a talk at the data loss prevention conference DLP-Expert in Istra – just outside of Moscow. I say “just outside” euphemistically, because it took us 4 hours to drive from Domodedovo airport to Istra – a trip of about 80 kilometers. Natalya Kaspersky presented an interesting market survey they […]
Is PCI DSS a failure?
A recent Ponemon survey found 71% of companies don’t consider PCI as strategic though 79% had experienced a breach. Are these companies assuming that a data security breach is cheaper than the security? How should we understand the Ponemon survey? Is PCI DSS a failure in the eyes of US companies? Let’s put aside the technical […]
Research shows that software defects are a key factor in data theft
A recent article on Internet Evolution, written by Gideon Lenkey, quotes the SANS Institute: “application software is a major vulnerability for enterprises”. The root cause of application security vulnerabilities is bugs (usually design bugs but often implementation defects). A research study performed in 2007 analyzed over 180 data theft events. The empirical data shows […]
Charged for stealing 130 million credit card numbers
A Miami man has been charged with the largest data theft ever. Less than 5 years ago, the main modus operandi for stealing identity information was dumpster diving. If you shredded your statements, you were safe. However – today, it’s much more effective to steal the data directly from large retailer databases. Once you’re in […]
Multi-factor authentication for home banking
For fear of becomming(sic) the next victim of identity theft, 150 million U.S. consumers don’t bank online, according to experts. But the banking industry could improve profitability by as much as $8.3 billion per year if banks build consumers’ confidence in online security, according to the TriCipher Consumer Online Banking Study, conducted by Javelin Strategy […]
Trusted insider threats, fact and fiction
Richard Stiennon is a well-known and respected IT analyst – he has a blog called IT Harvest. A recent post had to do with trusted insider threats. Despite the length of the article, I believe that the article has a number of fundamental flaws: Overestimating the value of identity and access management in mitigating trusted […]
Is data loss prevention possible?
I recently saw an article on Computerweekly that asks – “Is data loss prevention possible?” I think that a more relevant question is “Is information protection possible?” The author correctly identifies that it’s easier to access data (and leak it) than to modify or delete data. However, the notion that data is out of control […]
Preventing document leaks
Pharmaceutical manufacturer Mylan has recently sued the Pittsburgh Post-Gazette over a series of stories describing safety issues in the Morgantown, Va., plant. The basis for the stories was documents leaked by workers in the plant – and although the information on the background to the leak is sparse – an FDA inspection has confirmed that […]
Detecting structured data loss
Loss of large numbers of credit cards is no longer news – DLP (data loss prevention) technologies are an excellent way of obtaining real-time monitoring capability without changing your network and enterprise application systems. Typically when companies are considering a DLP (data loss prevention) solution – they start by looking at the offerings […]