Is your DLP project a failure?

Are we in the same valley of death that held content management applications in the 90s, when companies spent 6-7 figures on content management from companies like Vignette and over 50% of the projects never got off the ground? Tell me what you think in this LinkedIn poll – DLP success or failure

Data security in the cloud

It seems that, with the amorphous and rapidly evolving trend of storing data in cloud providers and social media like Twitter and Facebook, social media and cloud computing are the next frontier of data security breaches. And here, we have not even solved the problem of trusted insiders. The letter of the law is […]

Is IT equipped to deal with clear and present danger?

Are the security lights on, but no one is home at your company? An April 2010 survey of 80 chief security officers and over 200 members of ASIS International (a trade association for corporate security professionals) basically says that while most large organizations have risk analysis processes, there is no one in charge of risk […]

Standardized screening for data security risk

Best practices for data security are still evolving – as there are no industry-standard data security metrics and a confusing array of regulatory compliance and industry standards – PCI DSS 1.2, Sarbanes-Oxley, FISMA, ISO2700x – just to name a few. Organizations (government included) currently use a combination of tactics – penetration testing, vulnerability analysis (usually […]

The top 2 responses to data security threats

How does your company mitigate the risk of data security threats? Is your company management adopting a policy of “It’s other people’s money”? In a recent thread on LinkedIn, Jody Keyser shared some quotes from David Vose’s book on risk, reliability and computerized risk modeling: Risk Analysis: A Quantitative Guide. The responses to correctly identified […]

Exploiting Apache DoS vulnerabilities

Apache is the world’s most popular Web server for Linux and Windows platforms, and with such a large attack surface, it’s no surprise that attackers are looking to exploit Apache software vulnerabilities. The approach used by XerXeS is somewhat novel in that it is based on a DoS (not DDoS) attack and apparently requires relatively modest computing […]

Data discovery and DLP

A number of DLP vendors like Symantec and Websense have been touting the advantages of data discovery – data at rest and data in motion. Discovery of data in motion is an important part of continuous improvement of data security policies. However, there are downsides to data discovery. Discovery is a form of voyeurism […]

Do you have a business need for DLP?

“To be able to do something before it exists, sense before it becomes active, and see before it sprouts.” The Book of Balance and Harmony (Chung-ho chi), a medieval Taoist book. Will security vendors, large to small (Symantec, McAfee, nexTier, ANBsys and others) succeed in restoring balance and harmony to their customers by relabeling their product suites as unified content […]

How can we convince our VP that a network-based DLP makes sense?

My colleague, Michel Godet, sent me a link to an article that Mike Rothman recently wrote. Michel (rightly) thinks that it supports the approach that we have been pushing in Europe for over a year now, to justify data security technology investments by using Value at Risk calculations. Mike’s article – building a business […]

Data security and compliance – Best practices

Compliance is about enforcing business process – for example, PCI DSS is about getting the transaction authorized without getting the data stolen. SOX is about sufficiency of internal controls for financial reporting and HIPAA is about being able to disclose PHI to patients without leaks to unauthorized parties. So where and how does DLP fit into the compliance […]