Security Leadership

Gas prices may go down and electricity may get cheaper – but in 2009, most of us will have less money to spend and our clients will be tough on pricing and orders. For information security and compliance professionals it is the time to find, implement and enforce cost-effective security countermeasures. BUT HOW?

The worst bugs are the simplest bugs

It is a truism of security that the worst vulnerabilities are usually the simplest – many are configuration bugs or simple design flaws like leaving temp files world-readable. Many Open Source projects such as Open Clinica use the excellent PostgreSQL database. You get 90% of Oracle at 10% of the weight and for free. […]

Buggy software is risky software

Here’s a good example of post-hoc error and buggy software, courtesy of my wife, from a Microsoft program they are using at work – Microsoft help tip: “You might want to ask someone you know for help.” Danny Lieberman, specialist in preventing data loss caused by buggy software and systems

Are you on your firewall, while your employees are on Gmail?

Pop question No. 1: What percent of your employees send sensitive company documents to their Gmail accounts? Pop question No. 2: When you lay off 15 percent of your workforce, should you fire the information security manager a) First, b) Last or c) Give her an incentive to help ensure that a data breach of […]

Agency Accidentally Posts Social Security Numbers Online

I think the expression is – “the road to hell is paved with good intentions”. I got wind of this data breach event from the IS Alliance. As reported by WFTV Orlando – Social Security numbers for 250,000 people were posted online by mistake, and a state agency is facing serious questions about why it […]

Great achievements involve great risk

Is it possible to have good karma in information security – when you’re trying to keep the bad guys off your network (firewall, IPS), keep the good stuff inside (data loss prevention) and maintain good internal security (network surveillance)? I got a PowerPoint slide show in the email this morning from my friend Jeff […]

Netwitness – next generation network traffic analysis

Imagine Harrison Ford doing traffic analysis on your network. Hmm – there’s a thought. The US-based company Netwitness has been making a lot of noise lately about their “next generation” capability to perform full session reassembly and threat analysis from packet capture. This is a great feature to have for traffic analysis that has […]

The death of risk assessment

We saw the movie “Blood Diamond” last night; the way some companies practice IT risk management reminds me of TIA – “This is Africa”. Joseph Granneman talks about some of the problems with conventional IT risk assessment on Searchsecurity.com: Risk assessment, as currently practiced in information security, is dead. I’m not saying we need to […]

Spector 360, data loss prevention tool?

Remember “The Phil Spector Sound”? (I grew up on rock and roll just outside of Philly, and when you say Spector, I associate it with Phil Spector or Arlen Specter – my mind is just wired that way…) A business partner of ours in a developing country asked me a security product question today. […]

Bank employee steals 100,000 sheqels

This is a classic case of trusted insider threat – as reported by yesterday’s morning paper, “Israel Today” (I assume that this has been under investigation for a while, so the actual event may have happened over a year ago…). The arrest sheet in the Tel Aviv district court depicts collusion between an […]