Building a business case for DLP
At a meeting with one of our clients last week, the question of a business case for data loss prevention came up quite strongly. It started with the client saying that they were hearing that while vendors like Symantec and Websense were getting a lot of customers to buy their DLP products – many […]
Worst executive behavior of the month award
For my Israeli readers – the only thing worse than not being serious is ending up a sucker. I’m collecting data for a couple of articles on data security in social networks and ad-hoc mobile networks so I’ve been a little slow on blogging lately – so I’m down to general management and risk management stuff. I think […]
Small Business Information Security
Small businesses need information security – perhaps even more than a big business because they probably have fewer resources and are more vulnerable to hackers. NIST has released guidelines for Small Business Information Security –
Data security for an SMB – Flying First Class on a budget
A talk I gave recently at one of our Thursday online workshops on data security. More data security presentations from Danny Lieberman.
Cultural factors in security
At the DLP Expert 2009 conference in Moscow 2 weeks ago I heard the following insight from Bill Nagel from Forrester: American companies are rule-based. 40% of US companies state that they have implemented some form of DLP technology. European companies are principles-based. In EMEA, 80% of chief security officers do not have plans to […]
DLP – a Disturbing Lack of Process?
Ted Ritter has suggested that we rename DLP a Disturbing Lack of Process. Indeed, DLP is not a well-defined term – since so many vendors (Kaspersky anti-virus, McAfee anti-virus, Symantec anti-virus, Trend Micro Provilla, CA Backup…you name it) have labeled their products “Data loss prevention” products in an attempt to turn the tide of data […]
Bribes as a way of doing business, the Obama Peace Prize
When I talk about employee data security vulnerabilities, I like to bring examples of how gambling or cyber-stalking can threaten an employee and make them vulnerable to being exploited into disclosing or manipulating company information. A competitor or criminal may offer to help with a gambling debt in return for stealing some documents. That’s a […]
Data security for SMB
Yesterday, I gave a talk at our Thursday security Webinar about data security for SMB (small to mid-sized businesses). I’ve been thinking about DLP solutions for SMB for a couple of years now; the market didn’t seem mature or perhaps SMB customer awareness was low, but with the continued wave of data security breaches, everyone […]
Is PCI DSS a failure?
A recent Ponemon survey found 71% of companies don’t consider PCI as strategic though 79% had experienced a breach. Are these companies assuming that a data security breach is cheaper than the security? How should we understand the Ponemon survey? Is PCI DSS a failure in the eyes of US companies? Let’s put aside the technical […]
Information security best practices workshops
Every Thursday at 14:00 GMT we host a best practice security workshop online for business professionals, vendors and consultants. There is a short high-quality presentation and we share knowledge gained in the trenches. It’s 20 minutes, it’s free and it’s always a lot of fun. Register here. You will receive a confirmation email with a […]