Category: Internal security

  • Data security in the cloud

    It seems that with amorphous and rapidly evolving trend of storing data in cloud providers and social media like Twitter and Facebook, that social media and cloud computing is the next frontier of data security breaches. And – here, we have not even solved the problem of trusted insiders. The letter of the law is […]

  • Is IT equipped to deal with clear and present danger?

    Are the security lights on, but no  one is home at your company? An April 2010 survey of 80 chief security officers and over 200 members of ASIS International (a trade association for corporate security professionals) basically says that while most large organizations have risk analysis processes – there is no one in charge of risk […]

  • Database activity monitoring

    If you deploy or are considering data security technology from Websense, Fidelis, Verdasys , Guardium, Imperva or Sentrigo – do you give a DAM ? It seems that DLP (data loss prevention)  vendors are moving up the food chain into DAM (database activity monitoring)? As customers deploy two products in parallel (for example Imperva and […]

  • Economic crime vulnerabilities

    The  key vulnerabilities of a business  to fraud and data loss are rooted in the  four sins of hubris: thinking, looking, fighting and denying. Hubris is defined as excessive pride or self-confidence, starting with the thought that fraud and data theft won’t happen to you.  Most firms look in the wrong direction, by focussing on external […]

  • Standardized screening for data security risk

    Best practices for data security are still evolving – as there are no industry-standard data security metrics and a confusing array of regulatory compliance and industry standards – PCI DSS 1.2, Sarbanes-Oxley, FISMA, ISO2700x – just to name a few. Organizations (government included) currently use a combination of tactics – penetration testing, vulnerability analysis (usually […]

  • The 4 questions

    One of the famous canons in the Jewish Passover “seder” ritual is 4 questions from 4 sons – the son who is wise, the son who is wicked, the son who is innocent and the son who doesn’t know enough to ask. I sometimes have this feeling of Deja vu when considering data security technology […]

  • The cost of HIPAA privacy violations

      Back in February 09 I noted that CVS Caremark Corp. had agreed to pay $2.25 million to settle a federal investigation into allegations that it violated HIPAA privacy regulations when pharmacy employees threw items such as pill bottles with patient information into the trash. This morning, 9 months later – I checked the stock […]

  • Trusted insider threats, fact and fiction

    Richard Stiennon is a well known and respected IT analyst – he has a blog called IT Harvest. A recent post had to do with Trusted insider threats.Despite the length of the article, I believe that the article has a number of fundamental flaws: Overestimating  the value of identity and access management in mitigating trusted […]

  • USDA bans non IE browsers

    The new Israeli administration has invited Microsoft to head a government IT steering comittee – the item caused a bit of a ruckus in the Israeli Open Source community a few months ago – although I personally feel that as the world’s largest software vendor – they have a lot to contribute. Now I think […]

  • Data loss prevention at work – video and porn

    Bahya ibn Paquda was the author of the first Jewish system of ethics written in Arabic in 1040 under the title Al Hidayah ila Faraid al-Qulub, Guide to the Duties of the Heart. In his view, most people acted in accord with selfish, worldly motives. This was almost 2,000 years ago before the age of […]