Less regulation, increased data security
Data security compliance regulation such as PCI DSS 1.2 is a double-edged sword – as a security checklist it’s an important step for the payment card industry, but too much regulation, especially for small to mid-sized businesses, is too much of a good thing. As my maternal grandmother, who spoke fluent Yiddish, would yell at […]
Data at rest encryption
Two days in the same week to run into FCPA issues is strange. A prospect in Poland (ENEA) recently acquired Euro 6 million worth of disks from Hitachi and explained the purchase as a data loss prevention measure (Hitachi has data-at-rest encryption, i.e. the controller encrypts the data on the disk, which makes […]
Foreign Corrupt Practices Act: The DoJ and SEC Are Coming
There is compliance to industry regulation like PCI DSS 1.2 which is aimed at consumer protection and then there is compliance to government regulation like the FCPA which is aimed at maintaining a high ethical level of behavior and ensuring a level playing field of business. For a large global company like Monsanto, Merck or […]
Data discovery and organization
The problem is that you know where you start, but you don’t know where you will finish, and you will always have trouble organizing the useful references you collect on the way. After a call with a client, I started investigating how to provide high value scientific data in a social network for doctors and medical representatives […]
BizSpark
I just got an invite to BizSpark from thefunded.com: “Microsoft® BizSpark™ is a global program designed to help accelerate the success of early stage startups by providing key resources”; basically free development software and a hook into a community of potential investors. A lot of the comments on techcrunch were of a religious nature, calling […]
Are you a leader or a friend?
Although I served in the Israeli Army – I was what they called a “simple soldier”, a communications tech in a van. Our officer was glad that we kept things working – and that was fair enough we thought. After grad school, serving in the armies of high-tech samurai, I learned that commanders fight with […]
The black swan of security
A major data loss event like Hannaford Supermarkets (4M credit card records leaked…) is a black swan as described by Nassim Nicholas Taleb – it has three characteristics: it appears as a complete surprise to the company; it has a major impact to the point of maiming or destroying the institution (note the case of Card Systems […]
2009 CWE/SANS Top 25 Most Dangerous Programming Errors
I’ve been telling customers for years that most security exploits are caused by a small number of software defects (you can download my white paper on Software Security and see how to mitigate enterprise software vulnerabilities systematically using business threat modeling). Still it’s amazing how the trade press are gushing on this – must have […]
World Recession and Japan
Courtesy of my buddy Todd Walzer from iLand6 in Japan – this week the Nikkei reported that Japanese industry will cut IT spending 20-30% in 2009. Q3 2008 was the 2nd consecutive quarter the economy shrank, albeit by only 0.1%. The recession in Japan is less severe than in the West, for a few reasons:
Social contracts for cyber security
An information security industry trade association (the ISAlliance – Internet Security Alliance) has been promoting the notion of a social contract between government and the private sector to improve cybersecurity. The ISAlliance includes representatives from Verizon, the National Association of Manufacturers, Nortel, the CyLab at Carnegie Mellon University, Raytheon, and Northrop Grumman. According to the […]