Dealing with DLP and privacy
It’s a long hot summer here in the Middle East and with 2/3 of the office out on vacation, you have some time to reflect on data security. Or on the humidity. Or on a cold beer. Maybe you are working on building a business case for DLP technology like Websense, Symantec, Verdasys, McAfee or Fidelis in […]
The dangers of default passwords – 37% of Data Breaches Found to be Malicious Attacks
A malicious attack by malware or spear phishing on valuable data assets like PHI (protected health information) exploits known vulnerabilities, and one of the most common vulnerabilities in medical devices and healthcare IT systems is default passwords. “Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting a wide variety of […]
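The practical check that follows from the point above is an inventory audit: for every account on every device, ask whether it still authenticates with a vendor default. The block below is an added example, not code from the post or from Cylance; the vendor and product names, the default-credential table, the sample accounts and the assumed storage format (SHA-256 over salt plus password) are all constructed for illustration. It also flags the related weakness of a password equal to the username, which vendor default lists often miss.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample: known vendor default credentials keyed by (product, username).
# "acme-infusion" and "acme-monitor" are hypothetical products, not real devices.
DEFAULT_CREDENTIALS = {
    ("acme-infusion", "admin"): ["admin", "1234"],
    ("acme-infusion", "service"): ["service"],
    ("acme-monitor", "root"): ["root", "password"],
}


@dataclass
class Account:
    host: str
    product: str
    username: str
    salt: bytes
    pw_hash: bytes  # assumed storage format: sha256(salt || password)


def hash_password(salt: bytes, password: str) -> bytes:
    """Reproduce the (assumed) device-side hash so defaults can be tested offline."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def find_default_credentials(accounts):
    """Return (host, username, matched_default) for every account still on a default.

    Candidates are the vendor defaults for that product/user plus the username
    itself.  Comparison uses hmac.compare_digest so the audit tool does not leak
    timing information about partial hash matches.
    """
    findings = []
    for acct in accounts:
        candidates = list(DEFAULT_CREDENTIALS.get((acct.product, acct.username), []))
        if acct.username not in candidates:
            candidates.append(acct.username)  # password == username is a default-style weakness
        for cand in candidates:
            if hmac.compare_digest(hash_password(acct.salt, cand), acct.pw_hash):
                findings.append((acct.host, acct.username, cand))
                break  # one finding per account is enough
    return findings


def sample_accounts():
    """Constructed inventory: two devices on defaults, one changed, one user=password."""
    def mk(host, product, user, pw, salt):
        return Account(host, product, user, salt, hash_password(salt, pw))

    return [
        mk("pump-01", "acme-infusion", "admin", "admin", b"s1"),       # vendor default
        mk("pump-02", "acme-infusion", "admin", "Tr0ub4dor&3", b"s2"), # changed, clean
        mk("mon-07", "acme-monitor", "root", "password", b"s3"),       # vendor default
        mk("mon-08", "acme-monitor", "nurse", "nurse", b"s4"),         # equals username
    ]


if __name__ == "__main__":
    for host, user, default in find_default_credentials(sample_accounts()):
        print(f"{host}: account '{user}' still uses default credential '{default}'")
```

Run against a real inventory, the table of defaults would come from the vendor documentation for each product and the hash function would have to match whatever the device actually stores; a device that keeps a hard-coded password in firmware, as in the Cylance report, cannot be fixed by this audit at all and needs a vendor patch or network isolation.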
Will security turn into a B2B industry?
Information security is very much product driven and very much network perimeter security driven at that: firewalls, IPS, DLP, anti-virus, database firewalls, application firewalls, security information management systems and more. It is convenient for a customer to buy a product and feel “secure” but, as businesses become more and more interconnected, as cloud services […]
Securing Web servers with SSL
I’ve been recently writing about why Microsoft Windows, and the Microsoft monoculture in general, is a bad idea for medical device vendors – see my essays on Windows vulnerabilities and medical devices here, here and here. It is now time to slaughter one more sacred cow: SSL. One of the most prevalent misconceptions among vendors in […]
Cyber crime costs over $1 trillion
A pitch from Alex Whitson from SC TV for a Webinar on the LinkedIn Information Security Community piqued my attention with the following teaser: As you may have read recently, Cybercrime is now costing the UK $43.5 billion and around $1 trillion globally. Sponsored by security and compliance auditing vendor nCircle, the Webinar pitch didn’t cite any sources for the […]
Why data security is like sex
We all think about sex – men (most of the time), women (some of the time) and teenagers (all the time). Sex – despite the huge volume of content in the digital and print media – is one of those phenomena that demonstrate an inverse relationship between substance and talk. The more talk, chances are, the […]
The emotional content of security
I think in the security space, we spend too much time on the business justification and functional part of security (reducing risk, detecting data breach violations, complying with HIPAA, writing secure Web 2.0 applications, securing cloud services, security information management etc…). I think we’re ignoring the emotional content of security, and I don’t necessarily mean […]
Why Microsoft shops have to worry about security
I am putting together a semester-long, hands-on security training course for a local college. The college asking me for the program showed me a proposal they got from a professional IT training company for a 120 hour information security course. They are trying to figure out how to decide, so they sent me the competing […]
Securing Web services in the cloud
Almost every SaaS (software as a service) offering is based on REST or XML Web services. In this post, I’d like to provide a brief introduction to some typical threats and the security countermeasures that protect Web services. Malicious attack on the message: the beauty of HTTP Web services is that traffic flows through port 80 and […]
Why the Europeans are not buying DLP
It’s one of those things that European-based information security consultants must ask themselves at times – why isn’t my phone ringing off the hook for DLP solutions if the European Data protection directives are so clear on the requirement to protect privacy? The central guideline is the EU Data Protection Directive – and reading the […]