Reading through the trade press, DLP vendor marketing collateral and various forums on information security, the conventional wisdom is that the key threat to an organization is trusted insiders. This is arguable – since it depends on your organization, the size of the business and type of operation. However – this is certainly true …
Most people tend to view content protection as a recording industry or corporate espionage issue. We have forgotten that people who plagiarize original content are also violating content security – someone else’s security in this case. My colleague Anthony Freed (who runs Information Security Resources) recently got an email from computer scientist and mathematician, Aaron Krowne. Aaron got …
A number of DLP vendors like Symantec and Websense have been touting the advantages of data discovery – data at rest and data in motion. Discovery of data in motion is an important part of continuous improvement of data security policies. However – there are downsides to data discovery. Discovery is a form of voyeurism …
At a recent seminar on information security management, I heard that FUD (fear, uncertainty and doubt) is dead, that ROI is dead and that the insurance model is dead. Information security needs to give business value. Hmm. This sounds like a terrific idea, but the lecturer was unable to provide a concrete example similar to …
A client recently asked: How do I assign a dollar value to an asset?…should I use the purchase value of the asset, replacement value or expected damage to the company if the asset were stolen or exploited? Estimating asset value is without doubt the most frequent question we get when it comes to calculating data …
Small businesses need information security – perhaps even more than a big business because they probably have fewer resources and are more vulnerable to hackers. NIST has released guidelines for Small Business Information Security -
A talk I gave recently at one of our Thursday online workshops on data security. More data security presentations from Danny Lieberman
My prospects are out, it’s beautiful weather (already got my morning ride in thank you) and time to clean up my desk for the weekend. I need to talk about data security presentations. Most of them are horrible – heavy on technical details or heavy on corporate marketing fluff. If the presentation is about same …
After a discussion with a client today about privacy and data security in social networking, I started looking at physician portals and came across a fascinating post from Dr. Scott Shreve – Knowledge Prostitution enabling Aggregated Voyeurism: Is this a Business Model? Voyeurism (voi-yûr’ ĭz‘əm) n. 1. The practice in which an individual derives pleasure from …
In music, dissonance is a sound quality which seems “unstable”, and has an aural “need” to “resolve” to a “stable” consonance. Leading up to the Al Qaeda attack on the US on 9/11, the FBI investigated, the CIA analyzed but no one bothered to discuss the impact of Saudis learning to fly but not land airplanes. …