Beyond the firewall – data loss prevention What a simple idea. It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, then you’ve mitigated the threat. Data loss prevention is a category of information security products that has matured from Web / email content filtering products …
Read more »With all the news about credit card breaches, there are probably a lot of people scurrying about trying to figure out the cheapest and fastest way to reduce the risk of some Saudi hacker stealing credit cards or mounting a DDOS attack on their web site. I have written here, here and here about how …
Read more »Historical data in log files has little intrinsic value in the here-and-now process of event response and mediation and compliance check lists have little direct value in protecting customers. Software Associates specializes in helping medical device and healthcare vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and …
Read more »Software Associates specializes in helping medical device vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and mobile environments. There are 6 key business requirements for medical device security: Prevent data leakage of ePHI (electronic protected health information) via the device itself, the management system and or the …
Read more »Let’s start with the short version of the answer – use your common sense before reading vendor collateral. I think PT Barnum once said “There is a sucker born every minute” in the famous Cardiff Giant hoax – (although some say it was his competitor, Mr. George Hull. Kachina Dunn wrote how Microsoft got security …
Read more »A customer case study – cloud security assessment Faced with a steep bill for securing a new cloud application, a client asked us to help find a way to reduce their risk exposure at the lowest possible cost. By using the Business Threat Modeling methodology and PTA (Practical Threat Analysis) software, we were able to build a …
Read more »I met with Maryellen Ariel Evans last week. She was in Israel on vacation and we had coffee on the Bat Yam boardwalk. Maryellen is a serial entrepreneur; her latest venture is a security product for IBM Websphere MQ Series. She’s passionate about message queue security and I confess to buying into the vision. She …
Read more »I think that Data Loss Prevention is great way to detect and prevent payment card and PII data breaches. Certainly, all the DLP vendors think so. Only problem is, the PCI DSS Council doesn’t even have DLP in their standard which pretty much guarantees zero regulatory tail wind for DLP sales to payment card industry …
Read more »It is often assumed that the problem of data retention is about how to backup data and then restore it quickly and accurately, if there is a security event or system crash. But, there are important cases, where the best data retention strategy is not to backup the data at all. The process of backup …
Read more »A pitch from Alex Whitson from SC TV for a Webinar on the LinkedIn Information Security Community piqued my attention with the following teaser: As you may have read recently, Cybercrime is now costing the UK $43.5 billion and around $1 trillion globally. Sponsored by security and compliance auditing vendor nCircle, the Webinar pitch didn’t cite any sources for the …
Read more »