A great year for data thieves
The Verizon Business Report on data breaches 2009 was released – the data breach investigations report headlines with 285 million data records breached in 2008: 91% of attackers were organized crime; 74% of attacks by malicious outsiders; 67% of vulnerabilities due to system defects; 32% implicated business partners. The report must be particularly disturbing to […]
Saving money and jobs
Paul Levy, the CEO of Beth Israel Hospital in Boston, in a wonderful video on cutting costs and protecting low-wage workers on the PBS (Public Broadcasting System) channel in the US, talks about how he got buy-in for change. Saved $16M and 450 jobs from layoffs. He outlines 4 steps for getting buy-in for the […]
The death of regulation
I recently ran into a 2-year-old post that decried the use of the term extrusion prevention, calling it the “worst tech term of the year”. I will cut the author of the article some slack as it was back in 2007 and a lot of folks were just coming to grips with the […]
Security metrics anti-design patterns
I’ve been thinking recently about how most of our clients don’t collect security metrics. Then I got thinking about how there are anti-design patterns that typify firms with a higher level of vulnerability to a major data loss event. Running security is not different from running a business – you have assets and threats, vulnerabilities […]
German homeland security
I am on an email distribution list from the Israeli Export Institute for Israeli software and security companies. The Export Institute is organizing an event for Protecting Critical Infrastructure – the event is slated to take place in Brandenburg, in Berlin-Schönefeld, 18 – 20 May 2009. I liked the use of standard security market-speak to describe the opportunity […]
Using threat modeling to select and justify security purchases
Hot humint straight in from the field of data security. I don’t have Symantec’s marketing budget and head count or Gartner reports telling me that enterprise concerns about high impact data loss events are up. By my clients, data security awareness is up, but budgets are down and out. I think that vendors with strong […]
Facebook – the wisdom of crowds is the security of crowds
Facebook management are correct in their policy of not vetting applications and letting the wisdom of crowds become the security of crowds. The best security countermeasure is a lot of eyeballs and 3 people tackling a terrorist in an airplane is the cheapest and most effective anti-terrorism measure. Fifteen years ago when I worked at […]
Preventing intellectual property abuse
One of my pet peeves with security vendors like Symantec, Vontu, Websense and Checkpoint is marketing collateral that totally disregards the basics of security – it’s like they hired an English major straight out of school and told them to start writing. Sensitive assets, confidential assets, proprietary assets – you can make a total mishmash […]
Orange Israel customer service sucks
I have been an Orange mobile subscriber for over 10 years – since they launched – and I’m generally very happy with the operation of the network, but it’s clear that if they managed their mobile network with the same incompetence that they manage their online services – Partner would have gone bankrupt years ago. Orange […]
The black swan of security
A major data loss event like Hannaford Supermarkets (4M credit card records leaked…) is a black swan as described by Nassim Nicholas Taleb – it has three characteristics: appears as a complete surprise to the company; has a major impact to the point of maiming or destroying the institution (note the case of Card Systems […]