DLP – a Disturbing Lack of Process?
Ted Ritter has suggested that we rename DLP a Disturbing Lack of Process Indeed DLP is not a well-defined term – since so many vendors (Kaspersky anti-virus, McAfee anti-virus, Symantec anti-virus, Trend Micro Provilla, CA Backup…you name it) have labeled their products “Data loss prevention” products in an attempt to turn the tide of data […]
Data security for SMB
Yesterday, I gave a talk at our Thursday security Webinar about data security for SMB (small to mid-sized businesses). I’ve been thinking about DLP solutions for SMB for a couple of years now; the market didn’t seem mature or perhaps SMB customer awareness was low, but with the continued wave of data security breaches, everyone […]
Is PCI DSS a failure?
A recent Ponemon survey found 71% of companies don’t consider PCI as strategic though 79% had experienced a breach. Are these companies assuming that a data security breach is cheaper than the security? How should we understand the Ponemon survey. Is PCI DSS a failure in the eyes of US companies? Let’s put aside the technical […]
Trusted insider threats, fact and fiction
Richard Stiennon is a well known and respected IT analyst – he has a blog called IT Harvest. A recent post had to do with Trusted insider threats.Despite the length of the article, I believe that the article has a number of fundamental flaws: Overestimating the value of identity and access management in mitigating trusted […]
Sharing security information
I think fragmentation of knowledge is a root cause of data breaches. It’s almost a cliche to say that the security and compliance industry has done a poor job in preventing data breaches of over 245 million personal records in the past 5 years. It is apparent that government regulation is ineffective in preventing identity […]
Detecting structured data loss
Loss of large numbers of credit cards is no longer news – DLP (data loss prevention) technologies are an excellent way of obtaining real time monitoring capability without changing your network and enterprise applications systems. Typically when companies are considering a DLP (data loss prevention ) solution – they start by looking at the offerings […]
I want data loss reasons, not numbers
Media reporting of data breach events like the UK NHS, Heartland, Hannaford and Bank of America has overwhelming focussed on the raw numbers of customer data records that were breached. Little information is available regarding the root causes – how attackers exploited the system and people vulnerabilities to get the data. Although US legislation requires […]
Practical information policy
Does this look simple to you? I think it’s time to get back to security basics after reading the news this morning. Yesterday, there was a run of high profile data security events: the Mozilla store data breach, the DDOS attack on Twitter and Web defacing by a Palestinian cyber-terror group on leftist Israeli Kadima […]
Information security: Is psychology more important than technology?
I believe that 3 psychological reasons are the root cause of why many organizations worldwide do not take a leadership position in enterprise information protection. Preventing information security events is an admission of weakness. Why spend money on technology when the first step is admitting that you’re vulnerable? We live in an age of instant […]
Is security a washing machine?
Most security appliance vendors use fluffy charts with a 4 step “information risk management” cycle. It’s always a 4 step cycle, like Symantec’s DLP “Discover, Monitor, Protect and Manage” and it’s usually on a circular chart but sometimes in a Gartner-style magic quadrant or on a line. It’s like a washing machine cycle that never […]
