Chrome OS – not the next big thing
According to a post on the official Google blog – Google will be launching Google Chrome OS to consumers in H2 2010. Reading through the post I saw a few interesting points that got me thinking: Functionality trumps startup speed We’re designing the OS to be fast and lightweight, to start up and get you […]
Data loss prevention for SME
Is a SME like the old German expression – Kleine Kinder kleine Sorgen, große Kinder große Sorgen? “Small children, small problems, big children, big problems”? I wanted to call this post “The need to understand operational risk of information security” – but I realised that op risk is a concept used by big banks and […]
Choosing a data loss prevention solution
Data security is not one-size fits all. For example, if the threat scenario is an attack on your customer self-service Web application – obfuscating or encrypting fields in database tables is not an effective security countermeasure; you need a network DLP solution to prevent leaks of clear text data and a software security assessment that […]
Ethics and data loss prevention
Are we loving the attackers and prosecuting the victims? In data security – I don’t subscribe to utilitarian ethics (which attempts to balance the benefit versus the damage of an act) and can lead to the ends justifying the means. For data security and compliance – I personally implement the “Ten commandments” approach – if […]
Peer support for care givers
It’s the 9th Jahrzeit (annual anniversary) of my Mom’s passing away at age 76 from MSA (multiple system atrophy). There is a lot I can and probably should write about this but there’s no way back once you get MSA. My Mom was clear of mind but almost unable to speak properly towards the end […]
Data security – is psychology more important than technology?
We had a discussion with a prospect for a DLP (data loss prevention) system) that started with discussing the pros and cons of various DLP solutions (Verdasys, Mcafee DLP, Websense, Fidelis Security) and finished with a drill-down into how they can build a business case to acquire and implement data security technology. After a very […]
Exploiting a wireless mesh network for utilities
I think it’s only a matter of time before someone exploits a wireless mesh network that controls and reads home utility meters to get free water and electricity. Until then, there is a problem of range and coverage. Greentech media reports that Trilliant ( a smart meter neighborhood networking startup) has bought SkyPilot for it’s […]
US Military firms recruiting hacker soldiers
It seems that the GFC is creating a movement of migratory hi-tech workers from Silicon Valley to the Beltway. I’m not sure that an unemployed IT security analyst turned hacker is the best choice for a defense contractor – the really good guys and gals are always in demand – and those DC summers are […]
Part I – Pharmas and social networking
I was talking to some folks at a big global pharma last week and I discovered that pharma doesn’t like social networking. (Give me a break – I’m a software security guy, I think about these things in terms of threats to intellectual property and I thought everyone “gets” social networking). If you understand how […]
Less regulation, increased data security
Data security compliance regulation such as PCI DSS 1.2 is a double-edged sword – as a security checklist it’s an important step for the payment card industry but too much regulation, especially for small to mid-sized businesses is too much of a good thing. As my maternal grandmother, who spoke fluent Yiddish would yell at […]
