The root cause of credit card data breaches in Israel
In my previous post – “The Israeli credit card breach” I noted that there are 5 fundamental reasons why credit cards are stolen in Israel. None have to do with terror; 4 reasons are cultural and the 5th is everyone’s problem: “confusing compliance with security. After reading the excellent article by Sarah Leibowitz-Dar in the Maariv […]
How to reduce risk of a data breach
Historical data in log files has little intrinsic value in the here-and-now process of event response and mediation and compliance check lists have little direct value in protecting customers. Software Associates specializes in helping medical device and healthcare vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and […]
The connection between porn, fraud and data breaches
Are organizations with higher exposure to online porn and gambling more likely to have a higher incidence of data breach incidents? On the heels of recent Israeli credit card breach incidents, the reports of suspected fraud and money laundering at ICC CAL are bad timing at the very least for Israeli security and compliance. Last […]
The Israeli credit card breach
There are 5 reasons why credit cards are stolen in Israel. None have to do with terror; 4 reasons are cultural and the 5th is everyone’s problem: “confusing compliance with security“. I could write a book on mismanagement of data governance and compliance, data security, web server security, web application software security. In 2003, I […]
What is the best way for a business to prevent data breaches?
Let’s start with the short version of the answer – use your common sense before reading vendor collateral. I think PT Barnum once said “There is a sucker born every minute” in the famous Cardiff Giant hoax – (although some say it was his competitor, Mr. George Hull. Kachina Dunn wrote how Microsoft got security […]
Preventing data leakage when you outsource
A presentation I gave at the Israeli CISO forum, on how to prevent data breaches when you outsource your I.T operation and/or software development group. Click here to download the presentation
DRM versus DLP
A common question for a large company that needs to protect intellectual property from theft and abuse is choosing the right balance of technology, process and procedure. It has been said that the Americans are very rules-based in their approach to security and compliance where the the Europeans are more principles-based. This article presents a […]
Is network PVR the best direction for the big studios ?
The distribution of video over multicast-broadcast networks and content storage at by users with Windows PCs and PVRs has created a huge threat surface for digital content. Typical to flawed security countermeasures, HDCP and AACS exacerbate and enlarge the threat surface rather than enhance revenues and reduce risk. In this article we will show that […]
DLP for telecom service providers
A customer case study: Using DLP to protect customer data at a telecom service provider Our first data loss prevention (DLP) project was in 2005 with 013 Barak – now 013 Barak/Netvision. It followed on the heels of an extensive business vulnerability assessment and management level decision to protect customer data. It’s significant that 013 […]
DLP in on-line trading
A customer case study – DLP helped diamonds.com be more secure and more competitive. We designed and implemented a large scale IT infrastructure modernization project that was tasked with improving availability, scalability and security of the online diamond trading networks at diamonds.com and diamonds.net. Network DLP appliances were deployed in the US and in EMEA […]
