I want data loss reasons, not numbers

Media reporting of data breach events like the UK NHS, Heartland, Hannaford and Bank of America has overwhelmingly focussed on the raw numbers of customer data records that were breached. Little information is available regarding the root causes – how attackers exploited the system and people vulnerabilities to get the data. Although US legislation requires […]

Practical information policy

Does this look simple to you? I think it’s time to get back to security basics after reading the news this morning. Yesterday, there was a run of high-profile data security events: the Mozilla store data breach, the DDoS attack on Twitter and Web defacing by a Palestinian cyber-terror group on leftist Israeli Kadima […]

Information security: Is psychology more important than technology?

I believe that 3 psychological reasons are the root cause of why many organizations worldwide do not take a leadership position in enterprise information protection. Preventing information security events is an admission of weakness. Why spend money on technology when the first step is admitting that you’re vulnerable? We live in an age of instant […]

Data discovery for data loss prevention

A few years ago I did some work for an Israeli startup called nLayers that did application, server and device discovery. They were later acquired by EMC. I thought it was a brilliant idea at the time, since large IT organizations don’t really know what assets they have in their IT portfolio. Therefore, it should […]

It’s My Way or “La Puerta”

The role of a supervisor in protecting company data. There is a feeling of entitlement in the Western world that enables employees to use company resources for private purposes. If you can use a pencil, you can use a phone; if you can use a phone, you can use your PC to surf the Net on […]

Data protection for an SME

As Ben Franklin said – “an ounce of prevention is worth a pound of cure”. Three misconceptions regarding data protection and data loss prevention are prevalent in small to medium-sized organisations – whether in manufacturing, distribution or education or in a service business. In my professional security practice over the past 5 years providing […]

The threat behind the House Tri-Committee Bill on Health Care

Don’t ask me why, but I was invited to (and joined) the Pakistan Networkers group on LinkedIn. I see all kinds of cool job opportunities in the Emirates which I can’t really take but the traffic is interesting. I saw this picture in a post today from the Pakistan Networkers group. It graphically describes the complexity […]

Product counterfeiting in aerospace industry

This seems to be my weekend for product counterfeiting. I was in Tel Aviv last week on Dizengoff and picked up a couple of paperbacks at the “Book Junkie” bookstore for 5 sheqels/book (that’s about $1.25!) – one of them was Michael Crichton’s novel Airframe (The book is genuine… and they have an amazing collection […]

Three simple ways of preventing data loss

When I was a solid state physics grad student at Bar Ilan, I had two advisors – Prof. Nathan Aviezer and Prof. Moshe Kaveh (who is now the President of the university). Aviezer was fond of saying that he only does simple things. I was calculating electrical conductivity of aluminum at low temperatures and due […]

Simplicity and technical superiority

In today’s environment of financial crisis, the tradeoff managers usually make is coverage against cost. IT and corporate management are more concerned with reducing outsourcing costs and cutting back on professional services instead of achieving and sustaining technical excellence in security and compliance. Technical superiority in IT security will not enlarge your market share or […]