Imperfect knowledge security
Keeping the organization robust in a highly dynamic threat environment Our capacity to predict will be confined to . . . general characteristics of the events to be expected and not include the capacity for predicting particular individual events. . .Yet the danger of which I want to warn is precisely the belief that in […]
Scientific New York Post
I recently saw a great piece of pseudo-science courtesy of Websense describing the cost of data loss and amazing ROI for the Websense Data Security solution. (a friend who studied physics with me used to call this sort of writing “Scientific New York Post”) See Websense white paper ROI of DLP Bruce Schneier correctly notes […]
Designing a data security system
User-Driven Design versus User-Centered design Alan Cooper, in his book The Inmates are Running the Asylum, draws a distinction between user-centered design and user-driven design. User-driven design is about collecting, prioritizing and implementing a system to the user requirements – we’ve all been seen software development projects where the requirements spiraled out of control and […]
Data security case study
A lot of companies do V/A (vulnerability assessments) with scanners like Beyond Security or Nessus. We took a hybrid approach for an internal security assessment using a Fidelis Security Systems network DLP appliance for detecting data loss vulnerabilities and structured human interviews to identify assets and analyze business threats such as competitors who might steal […]
Why do people commit crimes?
The president of a prospect was recently discussing with us whether Oracle IRM (information rights management) was a good way of preventing data loss, and a viable alternative to a DLP (data loss prevention) system. Rights management would appear at first blush to be orthogonal to data loss prevention but it’s an interesting question that […]
A strategic inflection point in the security industry
Compliance is like being at all the rehearsals with a sharp pencil and playing your part perfectly – but not showing up to the gig. Being inside a strategic inflection point of change is like waking up during your own murder. Inside a strategic inflection point of change, the people inside the system are not […]
Speed is everything
Jeżeli wydaje ci się, że wszystko jest pod kontrolą, to na pewno nie jedziesz wystarczająco szybko. If you think everything is under control, it certainly is not going fast enough. Mario Andretti,Formula 1 Driver I saw this quote today and I was reminded of a takeaway from Andy Grove’s book – “Only the paranoid succeed”. […]
Security Leadership
Gas prices may go down and electricity may get cheaper – but In 2009, most of us will have less money to spend and our clients will be tough on pricing and orders. For information security and compliance professionals it is the time to find, implement and enforce cost-effective security countermeasures. BUT HOW?
Are you on your firewall, while your employees are on Gmail?
Pop question No. 1: What percent of your employees send sensitive company documents to their Gmail accounts? Pop question No. 2: When you layoff 15 percent of your workforce, should you fire the information security manager a) First, b) Last or c) Give her an incentive to help ensure that a data breach of […]
Preventing data loss or reacting to data loss.
I love New York but I live in Israel. DLP (Data Loss Prevention or extrusion prevention) is an important category of IT security that helps protect data from leaving the network. Keeping the good stuff in, as opposed to keeping the bad guys out. Israel has a booming IT security industry with Checkpoint, Radware, Algosec, […]
