Compliance | Software Associates.

The death of the anti-virus

Posted in: Compliance, Information security|Tags: anti-virus, Compliance, medical devices, Symantec|By: Danny Lieberman|December 5, 2011No Comments

Every so often my ISP calls us up and asks to speak with the IT manager or the person who is responsible for the network. This time it was Netvision offering me a special deal on Symantec anti-virus and a $5/month service package for virus updates. Well, I said “We don’t use Windows, and I …

DLP for telecom service providers

Posted in: Compliance, Data leakage, Information security|Tags: Case study, Compliance, telecom|By: Danny Lieberman|November 25, 2011No Comments

A customer case study: Using DLP to protect customer data at a telecom service provider Our first data loss prevention (DLP) project was in 2005 with 013 Barak – now 013 Barak/Netvision. It followed on the heels of an extensive business vulnerability assessment and management level decision to protect customer data. It’s significant that 013 …

Why your IT vendor doesn’t want you to do a risk analysis

Posted in: Information security, Technology, Threat modeling|Tags: business threat modeling, Cloud computing, Cloud security, Compliance, Cyber threats, DRP, Security vendors, SME|By: Danny Lieberman|June 15, 20112 Comments

Did you ever have a feeling that your IT integrator was treating you like a couple of guys selling you a Persian rug? ”Take it now – it’s so beautfiful, just perfect for your living room, a steal for only $10,000 and it’s on sale” and when you ask if it will last, they tell …

10 guidelines for a security audit

Posted in: Compliance, Risk mitigation, Software security|Tags: Anti-Fraud, Compliance, ethics, internal audit, PCI DSS, Risk management, Sarbanes-Oxley|By: Danny Lieberman|March 22, 2011No Comments

What exactly is the role of an information security auditor? In some cases, such as compliance by Level 1 and 2 merchants with PCI DSS 2.0, external audit is a condition to PCI DSS 2.0 compliance. In the case of ISO 27001, the audit process is a key to achieving ISO 27001 certification (unlike …

Less regulation, increased data security

Posted in: Compliance, Data leakage, Information security, Risk Assessment, Risk management, Threat modeling|Tags: Compliance, Data loss, data security|By: Danny Lieberman|May 27, 2009No Comments

Data security compliance regulation such as PCI DSS 1.2 is a double-edged sword – as a security checklist it’s an important step for the payment card industry but too much regulation, especially for small to mid-sized businesses is too much of a good thing. As my maternal grandmother, who spoke fluent Yiddish would yell at …

The death of regulation

Posted in: Compliance, Data leakage, Information security|Tags: Brookings, Compliance, data loss prevention, Far left, Obama|By: Danny Lieberman|April 12, 2009No Comments

I recently ran into a 2 year old post that decried the use of the term extrusion prevention calling it the “worst tech term of the year” I will cut the author of the article some slack as it was back in 2007 and a lot of folks were just coming to grips with the …

People should be very frightened of the FSA

Posted in: Anti-Fraud, Compliance|Tags: Compliance, Operational risk|By: Danny Lieberman|March 16, 2009No Comments

Fear is a good deterrent for individuals – but, will it work for large corporations? I don’t know, but for sure the UK FSA believes in fear. Financial Services Authority (FSA) chief executive Hector Sants pledged in a confrontational speech last week that the UK regulator would be far more “intrusive and direct” in its …

Archives