Why security defenses don’t prevent data breaches
Assuming you knew why a data breach will happen, wouldn’t you take your best shot at preventing it? Consider this: Your security defenses don’t improve your understanding of the root causes of data breaches, and without understanding the root causes – your best shot is not good enough. Why is this so? First of all – […]
Data security breaches can wreak havoc on people’s lives
Aug 7, 2010 WASHINGTON, D.D.—U.S. Senators Mark Pryor (D-AR) and John D. (Jay) Rockefeller IV (D-WV) today introduced legislation to require businesses and nonprofit organizations that store consumers’ personal information to put in place strong security features to safeguard sensitive data, alert consumers when this data has been breached, and provide affected individuals with the […]
The top 2 responses to data security threats
How does your company mitigate the risk of data security threats? Is your company management adopting a policy of “It’s other peoples money”? In a recent thread on LinkedIn – Jody Keyser shared some quotes from David Vose’s book on risk, reliability and computerized risk modeling: Risk Analysis a quantitative guide. The responses to correctly identified […]
DLP psychology or DLP technology?
Thoughts of change in the way IT and security will operate – In many corners of the corporate HQ, in fact, there are plenty of execs who, from time to time, would probably take pleasure in watching IT fail, a la Lehman Brothers. …Why the new normal could kill IT..from my colleague – Michel Godet I believe […]
Facebook disclosure cancels raid on terrorists
I want to challenge the effectiveness of top-down, monolithic security frameworks (ISO 27001/PCI DSS) – I submit that rapidly changing threats – social networking, cyberstalking, social engineering, cyber-stalking and custom spyware are threats that exploit people and system vulnerabilities but are not readily mitigated by a top down set of security countermeasures. The recent case […]
Data discovery and DLP
A number of DLP vendors like Symantec and Websense have been touting the advantages of data discovery – data at rest and data in motion. Discovery of data in motion is an important part of continuous improvement of data security policies. However – there are downsides to data discovery. Discovery is a form of voyeurism […]
Do you have a business need for DLP?
To be able to do something before it exists, sense before it becomes active, and see before it sprouts. The Book of Balance and Harmony (Chung-ho chi). A medieval Taoist book Will security vendors, large to small (Symantec, Mcafee, nexTier, ANBsys and others..) succeed in restoring balance and harmony to their customers by relabeling their product suites as unified content […]
Business unit strategy for data security
At a recent seminar on information security management, I heard that FUD (fear, uncertainty and doubt) is dead, that ROI is dead and that the insurance model is dead. Information security needs to give business value. Hmm. This sounds like a terrific idea, but the lecturer was unable to provide a concrete example similar to […]
Data security and compliance – Best practices
Compliance is about enforcing business process – for example, PCI DSS is about getting the transaction authorized without getting the data stolen. SOX is about sufficiency of internal controls for financial reporting and HIPAA is about being able to disclose PHI to patients without leaks to unauthorized parties. So where and how does DLP fit into the compliance […]
Building a business case for DLP
At a meeting with one of our clients last week – the question of business case for data loss prevention came up quite strongly. It started with the client saying that they were hearing that while vendors like Symantec and Websense were getting a lot of customers to buy their DLP products – many […]
