DLP – a Disturbing Lack of Process?

Ted Ritter has suggested that we rename DLP a Disturbing Lack of Process. Indeed DLP is not a well-defined term – since so many vendors (Kaspersky anti-virus, McAfee anti-virus, Symantec anti-virus, Trend Micro Provilla, CA Backup…you name it) have labeled their products “Data loss prevention” products in an attempt to turn the tide of data […]

Jennifer Lopez Joins the Fight Against Pertussis

Help protect your baby by protecting yourself. Our daughter and son-in-law stayed with us over the weekend recently – listening to one of the babies cough, I realized that there is a lot more to life than enterprise information protection and cost-effective data loss prevention.

Preventing inside jobs with dynamic security

I was talking to Ilan Meller from Identiwall recently. Ilan was an SVP at CA and his latest company is doing serious work with strong identity and authentication management. They have over a million installed home banking users in Israel. Ilan told me about three product lines – Identiwall for Secure online transactions, Identiwall VPN […]

Toxic assets

Forrester just started calling lost credit card numbers “toxic asset”. Since when is data that is publicly available toxic?

Bribes as a way of doing business, the Obama Peace Prize

When I talk about employee data security vulnerabilities, I like to bring examples of how gambling or cyber-stalking can threaten an employee and make them vulnerable to being exploited and disclosing or manipulating company information. A competitor or criminal may offer to help with a gambling debt in return for stealing some documents. That’s a […]

Overspending on security

From Alan Paller’s testimony before the US Senate. I think the quote speaks for itself. Outside the US – it seems even stranger to believe that US companies have enough money for two cyber security organizations paid for by the US taxpayer. However, federal agencies cannot move effectively to more secure systems unless you shift […]

Information security best practices workshops

Every Thursday at 14:00 GMT we host a best practice security workshop online for business professionals, vendors and consultants. There is a short high-quality presentation and we share knowledge gained in the trenches. It’s 20 minutes, it’s free and it’s always a lot of fun. Register Here. You will receive a confirmation email with a […]

Selling data security

Big projects are easier to manage than little ones. In the 80s, I worked at EDP, a VAX/VMS software house. We were doing a project for Yellow Pages in Israel and I was introduced to Boaz Dotan – who had just started what was later to become Amdocs, the Israeli software and services giant. Boaz […]

Third party verification of verbal agreements

My lawyer once told me that I should be careful with verbal commitments since a verbal commitment can often be construed as a binding agreement. The question is how to verify the verbal agreement and enforce non-repudiation? There are many cases in life where you want to be able to verify a verbal commitment using […]