Is IT equipped to deal with clear and present danger?
Are the security lights on, but no one is home at your company? An April 2010 survey of 80 chief security officers and over 200 members of ASIS International (a trade association for corporate security professionals) basically says that while most large organizations have risk analysis processes – there is no one in charge of risk […]
Controlled social networking
I saw a post recently on Controlled social networking for student collaboration. One of the comments lamented not having the head count to install technology to control Facebook access by students. Frankly – as a data security and compliance consultant who does a lot of work with corporates in social networking (both on the application side […]
Are you still using Excel for risk assessment?
There is a school of thought that says that you can take any complex problem and break it down like swiss cheese. Risk assessment data collection and analysis with Excel is one of those problems that can’t be swiss-cheesed. A collection of brittle, unwieldy, two dimensional worksheets is a really bad way of doing multi-dimensional […]
Database activity monitoring
If you deploy or are considering data security technology from Websense, Fidelis, Verdasys , Guardium, Imperva or Sentrigo – do you give a DAM ? It seems that DLP (data loss prevention) vendors are moving up the food chain into DAM (database activity monitoring)? As customers deploy two products in parallel (for example Imperva and […]
What price privacy?
Dr. David Gurevich in an interview with the Israeli business daily Globes predicts that real time death will be the next development in reality programming. Once the domain of science fiction and fantasy – Dr. Gurevich believes that the online death scenario is an inevitable development in the loss of privacy and wave of voyeurism […]
Economic crime vulnerabilities
The key vulnerabilities of a business to fraud and data loss are rooted in the four sins of hubris: thinking, looking, fighting and denying. Hubris is defined as excessive pride or self-confidence, starting with the thought that fraud and data theft won’t happen to you. Most firms look in the wrong direction, by focussing on external […]
The next generation of risk analysis
“What me worry – I’ve got a regulatory check list and an enterprise risk management system to manage the process”. I want to talk about under-thinking the risk analysis and over-spending on the solution. I believe that there is a fundamental flaw in enterprise risk management systems – they don’t really tell the organization something […]
Data loss prevention at work – video and porn
Bahya ibn Paquda was the author of the first Jewish system of ethics written in Arabic in 1040 under the title Al Hidayah ila Faraid al-Qulub, Guide to the Duties of the Heart. In his view, most people acted in accord with selfish, worldly motives. This was almost 2,000 years ago before the age of […]
Ethics and data loss prevention
Are we loving the attackers and prosecuting the victims? In data security – I don’t subscribe to utilitarian ethics (which attempts to balance the benefit versus the damage of an act) and can lead to the ends justifying the means. For data security and compliance – I personally implement the “Ten commandments” approach – if […]
