Information security: Is psychology more important than technology?
I believe that 3 psychological reasons are the root cause of why many organizations worldwide do not take a leadership position in enterprise information protection. Preventing information security events is an admission of weakness. Why spend money on technology when the first step is admitting that you’re vulnerable? We live in an age of instant […]
Data discovery for data loss prevention
A few years ago I did some work for an Israeli startup called nLayers that did application, server and device discovery. They were later acquired by EMC. I thought it was a brilliant idea at the time, since large IT organizations don’t really know what assets they have in their IT portfolio. Therefore, it should […]
It’s My Way or “La Puerta”
The role of a supervisor in protecting company data. There is a feeling of entitlement in the Western world that enables employees to use company resources for private purposes. If you can use a pencil, you can use a phone; if you can use a phone, you can use your PC to surf the Net on […]
Product counterfeiting in aerospace industry
This seems to be my weekend for product counterfeiting. I was in Tel Aviv last week on Dizengoff and picked up a couple of paperbacks at the “Book Junkie” bookstore for 5 sheqels/book (that’s about $1.25!) – one of them was Michael Crichton’s novel Airframe (The book is genuine… and they have an amazing collection […]
Choosing a data loss prevention solution
Data security is not one-size-fits-all. For example, if the threat scenario is an attack on your customer self-service Web application – obfuscating or encrypting fields in database tables is not an effective security countermeasure; you need a network DLP solution to prevent leaks of clear text data and a software security assessment that […]
Ethics and data loss prevention
Are we loving the attackers and prosecuting the victims? In data security – I don’t subscribe to utilitarian ethics (which attempts to balance the benefit versus the damage of an act) and can lead to the ends justifying the means. For data security and compliance – I personally implement the “Ten commandments” approach – if […]
Data security – is psychology more important than technology?
We had a discussion with a prospect for a DLP (data loss prevention) system that started with discussing the pros and cons of various DLP solutions (Verdasys, McAfee DLP, Websense, Fidelis Security) and finished with a drill-down into how they can build a business case to acquire and implement data security technology. After a very […]
Less regulation, increased data security
Data security compliance regulation such as PCI DSS 1.2 is a double-edged sword – as a security checklist it’s an important step for the payment card industry, but too much regulation, especially for small to mid-sized businesses, is too much of a good thing. As my maternal grandmother, who spoke fluent Yiddish, would yell at […]
Imperfect knowledge security
Keeping the organization robust in a highly dynamic threat environment. Our capacity to predict will be confined to . . . general characteristics of the events to be expected and not include the capacity for predicting particular individual events. . . . Yet the danger of which I want to warn is precisely the belief that in […]
Scientific New York Post
I recently saw a great piece of pseudo-science courtesy of Websense describing the cost of data loss and amazing ROI for the Websense Data Security solution. (A friend who studied physics with me used to call this sort of writing “Scientific New York Post”.) See Websense white paper ROI of DLP. Bruce Schneier correctly notes […]