Preventing document leaks
Pharmaceutical manufacturer Mylan has recently sued the Pittsburgh Post-Gazette over a series of stories describing safety issues in the Morgantown, Va., plant. The basis for the stories was documents leaked by workers in the plant – and although the information on the background to the leak is sparse – an FDA inspection has confirmed that […]
Detecting structured data loss
Loss of large numbers of credit cards is no longer news – DLP (data loss prevention) technologies are an excellent way of obtaining real time monitoring capability without changing your network and enterprise applications systems. Typically when companies are considering a DLP (data loss prevention) solution – they start by looking at the offerings […]
I want data loss reasons, not numbers
Media reporting of data breach events like the UK NHS, Heartland, Hannaford and Bank of America has overwhelmingly focussed on the raw numbers of customer data records that were breached. Little information is available regarding the root causes – how attackers exploited the system and people vulnerabilities to get the data. Although US legislation requires […]
Practical information policy
Does this look simple to you? I think it’s time to get back to security basics after reading the news this morning. Yesterday, there was a run of high profile data security events: the Mozilla store data breach, the DDOS attack on Twitter and Web defacing by a Palestinian cyber-terror group on leftist Israeli Kadima […]
Information security: Is psychology more important than technology?
I believe that 3 psychological reasons are the root cause of why many organizations worldwide do not take a leadership position in enterprise information protection. Preventing information security events is an admission of weakness. Why spend money on technology when the first step is admitting that you’re vulnerable? We live in an age of instant […]
Is security a washing machine?
Most security appliance vendors use fluffy charts with a 4 step “information risk management” cycle. It’s always a 4 step cycle, like Symantec’s DLP “Discover, Monitor, Protect and Manage” and it’s usually on a circular chart but sometimes in a Gartner-style magic quadrant or on a line. It’s like a washing machine cycle that never […]
Data discovery for data loss prevention
A few years ago I did some work for an Israeli startup called nLayers that did applications, servers and devices discovery. They were later acquired by EMC. I thought it was a brilliant idea at the time, since large IT organizations don’t really know what assets they have in their IT portfolio. Therefore, it should […]
It’s My Way or “La Puerta”
The role of a supervisor in protecting company data. There is a feeling of entitlement in the Western world that enables employees to use company resources for private purposes. If you can use a pencil, you can use a phone, if you can use a phone, you can use your PC to surf the Net on […]
Data protection for an SME
As Ben Franklin said – “an ounce of prevention is worth a pound of cure”. Three misconceptions regarding data protection and data loss prevention are prevalent in small to medium sized organisations – whether in manufacturing, distribution or education or in a service business. In my professional security practice over the past 5 years providing […]
Three simple ways of preventing data loss
When I was a solid state physics grad student at Bar Ilan, I had two advisors – Prof. Nathan Aviezer and Prof. Moshe Kaveh (who is now the President of the university). Aviezer was fond of saying that he only does simple things. I was calculating electrical conductivity of aluminum at low temperatures and due […]