How to valuate information assets

A client recently asked: How do I assign a dollar value to an asset? Should I use the purchase value of the asset, replacement value, or expected damage to the company if the asset were stolen or exploited? Estimating asset value is without doubt the most frequent question we get when it comes to calculating data […]

Small Business Information Security

Small businesses need information security – perhaps even more than a big business, because they probably have fewer resources and are more vulnerable to hackers. NIST has released guidelines for Small Business Information Security –

Data security presentations

My prospects are out, it’s beautiful weather (already got my morning ride in, thank you) and time to clean up my desk for the weekend. I need to talk about data security presentations. Most of them are horrible – heavy on technical details or heavy on corporate marketing fluff. If the presentation is about same […]

Dissonance is bad for business

In music, dissonance is a sound quality which seems “unstable” and has an aural “need” to “resolve” to a “stable” consonance. Leading up to the Al Qaeda attack on the US on 9/11, the FBI investigated, the CIA analyzed, but no one bothered to discuss the impact of Saudis learning to fly but not land airplanes. […]

Data security metrics

Anything can be measured. As Bertrand Russell wrote – “All exact science is based on approximation. If a man tells you he knows a thing exactly, then you can be safe in inferring that you are speaking to an inexact man.” This is one of the talks I gave at our weekly Thursday seminar – […]

Data loss prevention from inside out

I love how this Cisco video clip on Blip TV starts with examples of DDoS attacks, then uses shots of incoming content filtering, and then dramatizes with a cop not allowing a visitor into the booth – what is going on here? Cisco didn’t have budget for an editor who knows the difference between […]

Cultural factors in security

At the DLP Expert 2009 conference in Moscow 2 weeks ago I heard the following insight from Bill Nagel from Forrester: American companies are rule-based. 40% of US companies state that they have implemented some form of DLP technology. European companies are principles-based. In EMEA, 80% of chief security officers do not have plans to […]

Risk in IT

Dissonance between IT and security management. Mark Brewer wrote a thoughtful post on Risk in IT – I liked his use of the term “resilient organizations”, although I have been using the term “robust organizations”. The semantic difference between robustness and resilience may be related to the difference between IT and security management world-views. “Risk […]

The Americanization of IT Research

The Burton Group have released the results of their research that concludes that Symantec (Vontu), RSA (Tablus) and Websense (Port Authority) are the leading DLP vendors. Burton’s choice is indicative of the Americanization of the information security space, where government compliance regulation and large security vendor marketing agendas appear to drive US customer security decisions. […]