A recent Ponemon survey found 71% of companies don’t consider PCI as strategic though 79% had experienced a breach. Are these companies assuming that a data security breach is cheaper than the security? How should we understand the Ponemon survey? Is PCI DSS a failure in the eyes of US companies? Let’s put aside the technical …
From Alan Paller’s testimony before the US Senate: I think the quote speaks for itself. Outside the US – it seems even stranger to believe that US companies have enough money for two cyber security organizations paid for by the US taxpayer. However, federal agencies cannot move effectively to more secure systems unless you shift …
Every Thursday at 14:00 GMT we host a best practice security workshop online for business professionals, vendors and consultants. There is a short high-quality presentation and we share knowledge gained in the trenches. It’s 20 minutes, it’s free and it’s always a lot of fun. Register here. You will receive a confirmation email with a …
A recent article on Internet Evolution, written by Gideon Lenkey, quotes the SANS Institute: “application software is a major vulnerability for enterprises”. The root cause of application security vulnerabilities is bugs (usually design bugs but often implementation defects). A research study performed in 2007 analyzed over 180 data theft events. The empirical data shows …
It has been a while since I blogged about music – but someone asked me today what I listen to when I need that extra boost and cheering up, and the answer was Pat Metheny – “The first circle”. There is something about Pat Metheny that appeals to people of all different backgrounds and …
Big projects are easier to manage than little ones. In the 80s, I worked at EDP, a VAX/VMS software house. We were doing a project for Yellow Pages in Israel and I was introduced to Boaz Dotan – who had just started what was later to become Amdocs, the Israeli software and services giant. Boaz …
My lawyer once told me that I should be careful with verbal commitments since a verbal commitment can often be construed as a binding agreement. The question is how to verify the verbal agreement and enforce non-repudiation? There are many cases in life where you want to be able to verify a verbal commitment using …
Five years ago in October 2004, I wrote a piece on the top ten mistakes companies make in their data security policy and implementation (see the full article – 10 common data security mistakes). I took a few minutes today to update the article in the course of preparing for our next online data security …
A Miami man has been charged with the largest data theft ever. Less than 5 years ago, the main modus operandi for stealing identity information was dumpster diving. If you shredded your statements, you were safe. However – today, it’s much more effective to steal the data directly from large retailer databases. Once you’re in …
For fear of becomming (sic) the next victim of identity theft, 150 million U.S. consumers don’t bank online, according to experts. But the banking industry could improve profitability by as much as $8.3 billion per year if banks build consumers’ confidence in online security, according to the TriCipher Consumer Online Banking Study, conducted by Javelin Strategy …