What is the best way for a business to prevent data breaches?
Let’s start with the short version of the answer – use your common sense before reading vendor collateral. I think PT Barnum once said “There is a sucker born every minute” in the famous Cardiff Giant hoax – (although some say it was his competitor, Mr. George Hull. Kachina Dunn wrote how Microsoft got security […]
Cloud security assessment
A customer case study – cloud security assessment Faced with a steep bill for securing a new cloud application, a client asked us to help find a way to reduce their risk exposure at the lowest possible cost. By using the Business Threat Modeling methodology and PTA (Practical Threat Analysis) software, we were able to build a […]
Message queuing insecurity
I met with Maryellen Ariel Evans last week. She was in Israel on vacation and we had coffee on the Bat Yam boardwalk. Maryellen is a serial entrepreneur; her latest venture is a security product for IBM Websphere MQ Series. She’s passionate about message queue security and I confess to buying into the vision. She […]
Using DLP to prevent credit card breaches
I think that Data Loss Prevention is great way to detect and prevent payment card and PII data breaches. Certainly, all the DLP vendors think so. Only problem is, the PCI DSS Council doesn’t even have DLP in their standard which pretty much guarantees zero regulatory tail wind for DLP sales to payment card industry […]
On data retention – when not to backup data?
It is often assumed that the problem of data retention is about how to backup data and then restore it quickly and accurately, if there is a security event or system crash. But, there are important cases, where the best data retention strategy is not to backup the data at all. The process of backup […]
Cyber crime costs over $1 trillion
A pitch from Alex Whitson from SC TV for a Webinar on the LinkedIn Information Security Community piqued my attention with the following teaser: As you may have read recently, Cybercrime is now costing the UK $43.5 billion and around $1 trillion globally. Sponsored by security and compliance auditing vendor nCircle, the Webinar pitch didn’t cite any sources for the […]
3GPP Long Term Evolution – new threats or not?
3GPP Long Term Evolution (LTE), is the latest standard in the mobile network technology tree that produced the GSM/EDGE and UMTS/HSPA network technologies. It is a project of the 3rd Generation Partnership Project (3GPP), operating under a name trademarked by one of the associations within the partnership, the European Telecommunications Standards Institute. The question is, what will be […]
Medical device security trends
Hot spots for medical device software security I think that 2011 is going to be an exciting year for medical device security as the FDA gets more involved in the approval and clearance process with software-intensive medical device vendors. Considering how much data is exchanged between medical devices and customer service centers/care givers/primary clinical care teams and […]
Using DLP to protect your source code
Dec 10, 2010. Sergey Aleynikov, a 40-year-old former Goldman Sachs programmer, was found guilty on Friday by a federal jury in Manhattan of stealing proprietary source code from the bank’s high-frequency trading platform. He was convicted on two counts — theft of trade secrets and transportation of stolen property — and faces up to 10 […]
Why the Europeans are not buying DLP
It’s one of those things that European-based information security consultants must ask themselves at times – why isn’t my phone ringing off the hook for DLP solutions if the European Data protection directives are so clear on the requirement to protect privacy? The central guideline is the EU Data Protection Directive – and reading the […]
