The case for a guild of security consultants
The notion of a security consultant guild is a seductive idea. Promoting quality, defining service levels and enhancing professional standing are good things, but there is a red ocean of professional forums so – I would not just jump in and start a guild. Just take a look at forums like LinkedIn and Infosec Island […]
Wishing is not enough
This time of year I get lots of mail wishing me a good year.
Windows USB vulnerabilities reign supreme
In an article to be published Wednesday August 26, 2010 discussing the Pentagon’s cyberstrategy, Deputy Defense Secretary William J. Lynn III says malicious code placed on a removable drive by a foreign intelligence agency in 2008 uploaded itself onto a network run by the U.S. military’s Central Command – source: Washington Post “That code spread […]
Why security defenses don’t prevent data breaches
Assuming you knew why a data breach will happen, wouldn’t you take your best shot at preventing it? Consider this: Your security defenses don’t improve your understanding of the root causes of data breaches, and without understanding the root causes – your best shot is not good enough. Why is this so? First of all – […]
More nonsense with numbers
Now it’s some lazy journalist at Information Week aiding and abetting the pseudo-statistics of of the Ponemon Institute – screaming headlines of the cost of data breaches of PHI – protected healthcare information According to Information Week; Analysis: Healthcare Breach Costs May Reach $800 Million Since the Health Information Technology for Economic and Clinical Health […]
Data security breaches can wreak havoc on people’s lives
Aug 7, 2010 WASHINGTON, D.D.—U.S. Senators Mark Pryor (D-AR) and John D. (Jay) Rockefeller IV (D-WV) today introduced legislation to require businesses and nonprofit organizations that store consumers’ personal information to put in place strong security features to safeguard sensitive data, alert consumers when this data has been breached, and provide affected individuals with the […]
Professional skill sets
We spent the past week in Tzfat (Safed) – situated in the northern part of Israel and with a 900meter elevation, the weather is cool and dry and a welcome relief from the humidity and heat of Tel Aviv. We met a couple at dinner one evening – the husband is a retired aerospace software […]
Health insurer data breaches
switched.com is having trouble understanding the attack vector of a data breach. They apparently believe that software vulnerabilities can be mitigated by consumers “actively protecting their information”. Hackers recently attacked WellPoint, a health insurer which reportedly covers 34 million people. As a result of the breach, the company notified 470,000 individual customers that confidential information, […]
Operational risk management – what we really need
Operational risk management has been the buzz word du-jour in recent years, due to the Basel II initiative in the banking industry and Solvency II in the insurance industry. The Basel II definition of operational risk is “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.” […]
Data security in the cloud
It seems that with amorphous and rapidly evolving trend of storing data in cloud providers and social media like Twitter and Facebook, that social media and cloud computing is the next frontier of data security breaches. And – here, we have not even solved the problem of trusted insiders. The letter of the law is […]
