Data discovery and organization
The problem is that you know where you start, you don’t know where you finish and you will always have trouble organizing the useful references you collect on the way. After a call with a client, I started investigating how to provide high value scientific data in a social network for doctors and medical representatives […]
Data security case study
A lot of companies do V/A (vulnerability assessments) with scanners like Beyond Security or Nessus. We took a hybrid approach for an internal security assessment using a Fidelis Security Systems network DLP appliance for detecting data loss vulnerabilities and structured human interviews to identify assets and analyze business threats such as competitors who might steal […]
Social networks, not branded networks
Apparently people in a social network like Facebook don’t mind the ads, but they would not join a branded group, according to this article: “Social network users reluctant to join branded groups”. Less than one third of social network users would be willing to join a brand’s group even with the offer of exclusive or […]
A great year for data thieves
The Verizon Business Report on data breaches 2009 was released – the data breach investigations report headlines with 285 million data records breached in 2008: 91% of attackers were organized crime; 74% of attacks by malicious outsiders; 67% of vulnerabilities due to system defects; 32% implicated business partners. The report must be particularly disturbing to […]
The Fallacies in Obama public policy
Look at this graph. From the graph, we see that the GDP dropped dramatically from 1929 to 1932 despite fairly constant government spending on stimulus programs (although the graph does not tell the story of the jinking and shifting in the Roosevelt stimulus packages). The big uptick in GDP happened from 1935-1938 with no visible […]
Preventing intellectual property abuse
One of my pet peeves with security vendors like Symantec, Vontu, Websense and Checkpoint is marketing collateral that totally disregards the basics of security – it’s like they hired an English major straight out of school and told them to start writing. Sensitive assets, confidential assets, proprietary assets – you can make a total mishmash […]
Why do people commit crimes?
The president of a prospect was recently discussing with us whether Oracle IRM (information rights management) was a good way of preventing data loss, and a viable alternative to a DLP (data loss prevention) system. Rights management would appear at first blush to be orthogonal to data loss prevention but it’s an interesting question that […]
Why I am voting Likud
My friend Jacob Richman wrote a page on his web site explaining why he will vote Ichud Leumi (NUP). As a person who has traditionally voted for religious/Zionist parties, I feel compelled to answer Jacob in public. There are a number of flaws in his arguments regarding the National Union Party (NUP): 1. The […]
A strategic inflection point in the security industry
Compliance is like being at all the rehearsals with a sharp pencil and playing your part perfectly – but not showing up to the gig. Being inside a strategic inflection point of change is like waking up during your own murder. Inside a strategic inflection point of change, the people inside the system are not […]
The financial impact of cyber threats
Kudos to ANSI for publishing a free guide to calculating cyber risk. Better late than never – thousands of security professionals in the world use the Microsoft Threat Modeling Tool and the popular free threat modeling software PTA to calculate risk in financial terms – not to mention the thousands of other users of risk […]