The top 2 responses to data security threats
How does your company mitigate the risk of data security threats? Is your company management adopting a policy of “It’s other people’s money”? In a recent thread on LinkedIn, Jody Keyser shared some quotes from David Vose’s book on risk, reliability and computerized risk modeling: Risk Analysis: A Quantitative Guide. The responses to correctly identified […]
The 4 questions
One of the famous canons in the Jewish Passover “seder” ritual is 4 questions from 4 sons – the son who is wise, the son who is wicked, the son who is innocent and the son who doesn’t know enough to ask. I sometimes have this feeling of déjà vu when considering data security technology […]
DLP psychology or DLP technology?
Thoughts of change in the way IT and security will operate – In many corners of the corporate HQ, in fact, there are plenty of execs who, from time to time, would probably take pleasure in watching IT fail, a la Lehman Brothers. …Why the new normal could kill IT..from my colleague – Michel Godet I believe […]
Cultural factors in DLP
What is interesting and generally overlooked are the cultural differences between the US and the rest of the world. The Europeans prefer a more nuanced approach stressing discipline and procedures. The Americans are compliance driven and IT top heavy. I imagine if you look at DLP sales – 98% are in the US, being (right or […]
Learning about change and changing your security
Reading through the trade press, DLP vendor marketing collateral and various forums on information security, the conventional wisdom is that the key threat to an organization is trusted insiders. This is arguable, since it depends on your organization, the size of the business and type of operation. However, this is certainly true […]
Data discovery and DLP
A number of DLP vendors like Symantec and Websense have been touting the advantages of data discovery – data at rest and data in motion. Discovery of data in motion is an important part of continuous improvement of data security policies. However – there are downsides to data discovery. Discovery is a form of voyeurism […]
Do you have a business need for DLP?
“To be able to do something before it exists, sense before it becomes active, and see before it sprouts.” The Book of Balance and Harmony (Chung-ho chi), a medieval Taoist book. Will security vendors, large to small (Symantec, McAfee, nexTier, ANBsys and others) succeed in restoring balance and harmony to their customers by relabeling their product suites as unified content […]
Business unit strategy for data security
At a recent seminar on information security management, I heard that FUD (fear, uncertainty and doubt) is dead, that ROI is dead and that the insurance model is dead. Information security needs to give business value. Hmm. This sounds like a terrific idea, but the lecturer was unable to provide a concrete example similar to […]
How can we convince our VP that a network-based DLP makes sense?
My colleague, Michel Godet – sent me a link to an article that Mike Rothman recently wrote. Michel (rightly) thinks that it supports the approach that we have been pushing in Europe for over a year now, to justify data security technology investments by using Value at Risk calculations. Mike’s article – building a business […]
Data security and compliance – Best practices
Compliance is about enforcing business process – for example, PCI DSS is about getting the transaction authorized without getting the data stolen. SOX is about sufficiency of internal controls for financial reporting and HIPAA is about being able to disclose PHI to patients without leaks to unauthorized parties. So where and how does DLP fit into the compliance […]