Why the Europeans are not buying DLP
It’s one of those things that European-based information security consultants must ask themselves at times – why isn’t my phone ringing off the hook for DLP solutions if the European Data protection directives are so clear on the requirement to protect privacy? The central guideline is the EU Data Protection Directive – and reading the […]
Private social networking for healthcare
I think we’re rapidly approaching a point in time where people will pay for privacy. I know that after a super-hot month of August with the house full of kids chain-watching Ratatouille, I would pay someone for some privacy. The privacy controls that governments are attempting to impose on social media and the technical safeguards that […]
More nonsense with numbers
Now it’s some lazy journalist at Information Week aiding and abetting the pseudo-statistics of of the Ponemon Institute – screaming headlines of the cost of data breaches of PHI – protected healthcare information According to Information Week; Analysis: Healthcare Breach Costs May Reach $800 Million Since the Health Information Technology for Economic and Clinical Health […]
Data security breaches can wreak havoc on people’s lives
Aug 7, 2010 WASHINGTON, D.D.—U.S. Senators Mark Pryor (D-AR) and John D. (Jay) Rockefeller IV (D-WV) today introduced legislation to require businesses and nonprofit organizations that store consumers’ personal information to put in place strong security features to safeguard sensitive data, alert consumers when this data has been breached, and provide affected individuals with the […]
Is your DLP project a failure?
Are we in the same valley of death that held content management applications in the 90s? Where companies spent 6-7 figures on content management from companies like Vignette and over 50% of the projects never got off the ground? Tell me what you think in this Linked In poll – DLP success or failure
Data security in the cloud
It seems that with amorphous and rapidly evolving trend of storing data in cloud providers and social media like Twitter and Facebook, that social media and cloud computing is the next frontier of data security breaches. And – here, we have not even solved the problem of trusted insiders. The letter of the law is […]
Is IT equipped to deal with clear and present danger?
Are the security lights on, but no one is home at your company? An April 2010 survey of 80 chief security officers and over 200 members of ASIS International (a trade association for corporate security professionals) basically says that while most large organizations have risk analysis processes – there is no one in charge of risk […]
Database activity monitoring
If you deploy or are considering data security technology from Websense, Fidelis, Verdasys , Guardium, Imperva or Sentrigo – do you give a DAM ? It seems that DLP (data loss prevention) vendors are moving up the food chain into DAM (database activity monitoring)? As customers deploy two products in parallel (for example Imperva and […]
Economic crime vulnerabilities
The key vulnerabilities of a business to fraud and data loss are rooted in the four sins of hubris: thinking, looking, fighting and denying. Hubris is defined as excessive pride or self-confidence, starting with the thought that fraud and data theft won’t happen to you. Most firms look in the wrong direction, by focussing on external […]
Standardized screening for data security risk
Best practices for data security are still evolving – as there are no industry-standard data security metrics and a confusing array of regulatory compliance and industry standards – PCI DSS 1.2, Sarbanes-Oxley, FISMA, ISO2700x – just to name a few. Organizations (government included) currently use a combination of tactics – penetration testing, vulnerability analysis (usually […]
