Less regulation, increased data security

Data security compliance regulation such as PCI DSS 1.2 is a double-edged sword – as a security checklist it’s an important step for the payment card industry, but too much regulation, especially for small to mid-sized businesses, is too much of a good thing. As my maternal grandmother, who spoke fluent Yiddish, would yell at […]

The role of leadership in protecting data

Is a little fear in the workplace a good thing? Management Rewired is a new book by the consultant Charles Jacobs. Instead of standardized procedures, dictated targets and harsh but true feedback, Jacobs suggests we’ll get better results “if, rather than trying to thwart their natural inclinations, we just accept how people behave and make […]

What is a DLP solution?

These days everyone has a DLP solution – it’s like a Dilbert cartoon. The latest and definitely most effective DLP product is – you guessed it – the venerable Cheyenne Arcserve Backup. I got this in the email today. THIS FEATURED DOWNLOAD SPONSORED BY: CA IT Problem: IT managers are expected to withstand a wide […]

Designing a data security system

User-Driven Design versus User-Centered Design. Alan Cooper, in his book The Inmates are Running the Asylum, draws a distinction between user-centered design and user-driven design. User-driven design is about collecting, prioritizing and implementing a system to the user requirements – we’ve all seen software development projects where the requirements spiraled out of control and […]

The role of user accountability and training in data security

In this article I will show that DLP technology such as Fidelis XPS, McAfee DLP, Verdasys Digital Guardian, Websense Data Security Suite and Symantec Data Loss Prevention 9 is a necessary but not sufficient condition for effective data security. I submit that effective data security is a three-legged stool of: Monitoring – using DLP […]

Turning the tables on data theft

The State of Virginia is offering a very substantial reward for information that leads to the arrest of a malicious attacker who stole 8 million data records.

Entrapment – a solution for insider threats?

Not sweet, not a solution and not for insider threats. Roger Grimes on InfoWorld is trying to promote the idea that entrapment tactics with a honeypot can be a cheap, easy, and effective warning system against the trusted insider gone bad. Of course, I don’t blame Roger for trying to game the search engines with […]

Imperfect knowledge security

A few months ago I wrote about The Black Swan of Security – how major data loss events have 3 common characteristics: 1) A major data loss event appears as a complete surprise to the company. 2) Data loss has a major impact to the point of maiming or destroying the institution (note […]

Data discovery and organization

The problem is that you know where you start, you don’t know where you finish and you will always have trouble organizing the useful references you collect on the way. After a call with a client, I started investigating how to provide high value scientific data in a social network for doctors and medical representatives […]

Open Access publishing

The GM of a prospect recently asked me how to control disclosure of internal research documents prior to publication. It had come as a revelation to him that anyone can post on a blog without permission from a central secretariat. I asked him how they control face-to-face information exchange with colleagues or competitors outside the […]