Business process mapping and risk management
Many risk management consultants tell organizations that they must perform a detailed business process mapping and build data flow diagrams of data and users who process data in order to achieve compliance and reduce the operational risk of information security. This is a very bad idea. Business process mapping is an expensive task to execute […]
Websense Data Security Suite versus Verdasys Digital Guardian
A client recently asked me to help her compare the two DLP solutions. Here is what I said: Consider business, functional and technical perspectives when comparing Websense Data Security Suite with Verdasys Digital Guardian.
Data loss trends
There is a slight uptick in demand for our services, which I’ve put down to more aggressive marketing on our part. However – industry analysts have some interesting takes on which companies invest in data loss prevention. Not surprisingly – regulated industries (telecom, finance) buy DLP; unregulated industries (retail/manufacturing) and small-to-medium sized businesses don’t buy DLP. […]
A great year for data thieves
The Verizon Business Report on data breaches 2009 was released – the data breach investigations report headlines with 285 million data records breached in 2008: 91% of attackers were organized crime; 74% of attacks by malicious outsiders; 67% of vulnerabilities due to system defects; 32% implicated business partners. The report must be particularly disturbing to […]
A buyer’s guide to network DLP
My friend David Etue, who is VP Product Management over at Fidelis Security Systems, has been writing a work in progress over the past couple years called “A buyer’s guide to network DLP”. As David writes – Network data leakage prevention (network DLP) is the process of stopping the unauthorized disclosure of digital assets out […]
Preventing intellectual property abuse
One of my pet peeves with security vendors like Symantec, Vontu, Websense and Checkpoint is marketing collateral that totally disregards the basics of security – it’s like they hired an English major straight out of school and told them to start writing. Sensitive assets, confidential assets, proprietary assets – you can make a total mishmash […]
A strategic inflection point in the security industry
Compliance is like being at all the rehearsals with a sharp pencil and playing your part perfectly – but not showing up to the gig. Being inside a strategic inflection point of change is like waking up during your own murder. Inside a strategic inflection point of change, the people inside the system are not […]
Speed is everything
If you think everything is under control, you are certainly not going fast enough. Mario Andretti, Formula 1 Driver. I saw this quote today and I was reminded of a takeaway from Andy Grove’s book – “Only the paranoid succeed”. […]
Houston, we have a problem
Are you like the rest of the lemmings? Most companies we know – don’t have the faintest idea of what’s going on inside the corporate network. Once the company management discovers that almost all their employees cc company documents to their gmail accounts so they can access the data at home – it becomes […]
Agency Accidentally Posts Social Security Numbers Online
I think the expression is – “the road to hell is paved with good intentions”. I got wind of this data breach event from the IS Alliance. As reported by WFTV Orlando – Social security numbers for 250,000 people were posted online by mistake, and a state agency is facing serious questions about why it […]