The problem of security information sharing

In a previous post, Sharing security information, I suggested that fragmentation of knowledge is a root cause of security breaches. I was thinking about the problem of sharing data loss information this past week and I realized that we are saturated with solutions, technologies, policies, security frameworks and security standards – COBIT, ISO27001 etc. The […]

Research data integrity

I usually write about best practices and practical tools to prevent data theft, data loss and data leakage – since our professional services focus on data security in Central and Eastern Europe. Data security is, I guess, a sub-specialty of security and compliance. Security is chartered with ensuring the survival of a business and protecting […]

Sharing security information

I think fragmentation of knowledge is a root cause of data breaches. It’s almost a cliche to say that the security and compliance industry has done a poor job in preventing data breaches of over 245 million personal records in the past 5 years. It is apparent that government regulation is ineffective in preventing identity […]

Return on security investment

The Control Policy Group is presenting a series of 6 free online workshops starting Sep 3, 2009 at 15:00 GMT. The first workshop, “Using data security metrics and a value-based approach”, will teach measurement of how well security tools reduce Value at Risk in dollars (or in Euro) and how well they will do 3 years […]

The threat behind the House Tri-Committee Bill on Health Care

Don’t ask me why, but I was invited to (and joined) the Pakistan Networkers group on LinkedIn. I see all kinds of cool job opportunities in the Emirates which I can’t really take but the traffic is interesting. I saw this picture in a post today from the Pakistan Networkers group. It graphically describes the complexity […]

Simplicity and technical superiority

In today’s environment of financial crisis, the tradeoff managers usually make is coverage against cost. IT and corporate management are more concerned with reducing outsourcing costs and cutting back on professional services instead of achieving and sustaining technical excellence in security and compliance. Technical superiority in IT security will not enlarge your market share or […]

Reducing risk of major data loss events

Martin Hellman (of Diffie-Hellman fame) maintains the Nuclear Risk web site and has written a very insightful piece on risk analysis of nuclear war entitled Soaring, cryptography and nuclear weapons. Hellman proposes that we need a third state scenario (instead of current state –> nuclear war) where the risk of nuclear holocaust has been […]

World Recession and Japan

Courtesy of my buddy Todd Walzer from iLand6 in Japan – This week the Nikkei reported that Japanese industry will cut IT spending 20-30% in 2009. Q3 2008 was the 2nd consecutive quarter the economy shrank, albeit by only 0.1%. The recession in Japan is less severe than in the West, for a few reasons:

The death of risk assessment

We saw the movie “Blood Diamonds” last night; the way some companies practice IT risk management reminds me of TIA – “This is Africa”. Joseph Granneman talks about some of the problems with conventional IT risk assessment on Searchsecurity.com: Risk assessment, as currently practiced in information security, is dead. I’m not saying we need to […]

Risk management – bringing brick and mortar security to IT

I was talking with a prospect yesterday who is an information security manager; extremely professional and creative at what he does. In the course of the conversation, I realized that there are fundamental differences in mentality between IT and Security practitioners. Back when I wrote COBOL/CICS applications for Tadiran Information systems – some of our […]