Social networking business models
A colleague who has a startup in the US for social networking for doctors was whining to me the other day that advertising business models are dead for everyone except the top 5-10 Internet properties like Yahoo and Google. He said that Google does a great job of aggregating ads from small Web site but […]
Imperfect knowledge security
Keeping the organization robust in a highly dynamic threat environment Our capacity to predict will be confined to . . . general characteristics of the events to be expected and not include the capacity for predicting particular individual events. . .Yet the danger of which I want to warn is precisely the belief that in […]
Pharmas, Web 2.0 and regulation
For a change – ethics based regulation that differentiates between the medium and the message. Dr. Jean Ah Kang, works at DDMAC and is in charge of Web 2.0 policy development. She speaks very well at her interview with Mark Senak, a regulatory affairs lawyer ( eyeonfda.com ). Here is the podcast: FDA’s views and […]
Scientific New York Post
I recently saw a great piece of pseudo-science courtesy of Websense describing the cost of data loss and amazing ROI for the Websense Data Security solution. (a friend who studied physics with me used to call this sort of writing “Scientific New York Post”) See Websense white paper ROI of DLP Bruce Schneier correctly notes […]
Designing a data security system
User-Driven Design versus User-Centered design Alan Cooper, in his book The Inmates are Running the Asylum, draws a distinction between user-centered design and user-driven design. User-driven design is about collecting, prioritizing and implementing a system to the user requirements – we’ve all been seen software development projects where the requirements spiraled out of control and […]
The role of user accountability and training in data security
In this article I will show that DLP technology such as Fidelis XPS, Mcafee DLP, Verdasys Digital Guardian, Websense Data Security Suite and Symantec Data Loss Prevention 9 – is a necessary but not sufficient condition for effective data security. I submit that effective data security is a three-legged stool of: Monitoring – using DLP […]
Data at rest encryption
Two days in the same week to run into FCPA issues is strange. A prospect in Poland (ENEA) recently acquired Euro 6 million worth of disks from Hitachi and explained the purchase as a data loss prevention measure (Hitachi has data at rest encryption- i.e. the controller encrypts the data on the disk, which makes […]
Turning the tables on data theft
The State of Virginia is offering a very substantial reward for information that leads to the arrest of a malicious attacker who stole 8 million data records.
Entrapment – a solution for insider threats?
Not sweet, not a solution and not for insider threats. Roger Grimes on Infoworld is trying to promote the idea that entrapment tactics with a honeypot can be a cheap, easy, and effective warning system against the trusted insider gone bad. Of course, I don’t blame Roger for trying to game the search engines with […]
Imperfect knowledge security
A few months ago I wrote about The Black Swan of Security – how major data loss events have 3 common characteristics – 1) A major data loss event appears as a complete surprise to the company . 2) Data loss has a major impact to the point of maiming or destroying the institution (note […]
