Data security and compliance – Best practices

Compliance is about enforcing business process – for example, PCI DSS is about getting the transaction authorized without getting the data stolen. SOX is about sufficiency of internal controls for financial reporting and HIPAA is about being able to disclose PHI to patients without leaks to unauthorized parties. So where and how does DLP fit into the compliance […]

How to valuate information assets

A client recently asked: How do I assign a dollar value to an asset? … Should I use the purchase value of the asset, replacement value or expected damage to the company if the asset were stolen or exploited? Estimating asset value is without doubt the most frequent question we get when it comes to calculating data […]

Small Business Information Security

Small businesses need information security – perhaps even more than a big business because they probably have fewer resources and are more vulnerable to hackers. NIST has released guidelines for Small Business Information Security –

Dissonance is bad for business

In music, dissonance is a sound quality which seems “unstable”, and has an aural “need” to “resolve” to a “stable” consonance. Leading up to the Al Qaeda attack on the US on 9/11, the FBI investigated, the CIA analyzed but no one bothered to discuss the impact of Saudis learning to fly but not land airplanes. […]

The death of Google Adwords

I don’t really understand why anyone would want to pay Google money for Adwords. I ran a little experiment recently to promote our web sites using Google Adwords and Twitter. Here are the results: The results of my little online marketing experiment show a huge advantage for Twitter with focused search phrases in bios over […]

The threat behind the House Tri-Committee Bill on Health Care

Don’t ask me why, but I was invited (and joined) the Pakistan Networkers group on LinkedIn. I see all kinds of cool job opportunities in the Emirates which I can’t really take but the traffic is interesting. I saw this picture in a post today from the Pakistan Networkers group. It graphically describes the complexity […]

The role of DLP in IP protection

A common conversation I have with my technology clients touches on patent protection as a security countermeasure against abuse of intellectual property. The short answer is that if you’re not DuPont or Roche, then patent protection is not going to help you very much. If you develop software, you are probably infringing someone’s patents […]

Data loss prevention at work – video and porn

Bahya ibn Paquda was the author of the first Jewish system of ethics written in Arabic in 1040 under the title Al Hidayah ila Faraid al-Qulub, Guide to the Duties of the Heart. In his view, most people acted in accord with selfish, worldly motives. This was almost 2,000 years ago before the age of […]

The death of risk assessment

We saw the movie “Blood Diamonds” last night; the way some companies practice IT risk management reminds me of TIA – “This is Africa”. Joseph Granneman talks about some of the problems with conventional IT risk assessment on Searchsecurity.com: Risk assessment, as currently practiced in information security, is dead. I’m not saying we need to […]

The credit crunch, Cisco and Nortel

I was talking with my friend Gennady Weizman yesterday about medium term (as in the next 6-18 months) impact of the current financial markets crisis on the tech market. Most of our business is in the telecom industry – so I have an interest in whether our clients will have money to spend. It appears […]