Ten common data security mistakes

Five years ago in October 2004, I wrote a piece on the top ten mistakes companies make in their data security policy and implementation (see the full article – 10 common data security mistakes). I took a few minutes today to update the article in the course of preparing for our next online data security […]

Multi-factor authentication for home banking

For fear of becomming(sic) the next victim of identity theft, 150 million U.S. consumers don’t bank online, according to experts. But the banking industry could improve profitability by as much as $8.3 billion per year if banks build consumers’ confidence in online security, according to the TriCipher Consumer Online Banking Study, conducted by Javelin Strategy […]

Trusted insider threats, fact and fiction

Richard Stiennon is a well known and respected IT analyst – he has a blog called IT Harvest. A recent post had to do with Trusted insider threats. Despite the length of the article, I believe that the article has a number of fundamental flaws: Overestimating the value of identity and access management in mitigating trusted […]

The problem of security information sharing

In a previous post Sharing security information I suggested that fragmentation of knowledge is a root cause of security breaches. I was thinking about the problem of sharing data loss information this past week and I realized that we are saturated with solutions, technologies, policies, security frameworks and security standards – COBIT, ISO27001 etc. The […]

Who is the key person in your security organization

In the late 80’s I was a hyperactive programmer at a small VAX/VMS software house. We were a group of 5 programmers – we had some nice accounts – like Intel, National Semiconductor, Hadassah Hospital and Amdocs, but I always felt intimidated by the big IT integrators. One day – my DEC account manager told […]

Personal data that is not confidential

A security colleague of mine told me this week that he’s not on any social networks – he doesn’t want his personal information in the wild. Googling – I would say he has done a good job, staying off the radar and keeping his personal information confidential! Still – he has an Israeli driver’s license, […]

Sharing security information

I think fragmentation of knowledge is a root cause of data breaches. It’s almost a cliché to say that the security and compliance industry has done a poor job in preventing data breaches of over 245 million personal records in the past 5 years. It is apparent that government regulation is ineffective in preventing identity […]

Return on security investment

The Control Policy Group is presenting a series of 6 free online workshops starting Sep 3, 2009 at 15:00 GMT. The first workshop, “Using data security metrics and a value-based approach”, will teach measurement of how well security tools reduce Value at Risk in dollars (or in Euro) and how well they will do 3 years […]

Apache.org hack

Friday morning August 28, a compromised SSH key enabled attackers to deploy a rootkit and upload files to one of the Apache Foundation servers; the files were then synced to a production server. A blog post from the Apache Foundation explained that attackers accessed an account at a hosting provider: “To the best of our […]

Is data loss prevention possible?

I recently saw an article on Computerweekly that asks – “Is data loss prevention possible?” I think that a more relevant question is “Is information protection possible?” The author correctly identifies that it’s easier to access data (and leak it) than to modify or delete data. However, the notion that data is out of control […]