Archives

Beyond the firewall – data loss prevention What a simple idea. It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, then you’ve mitigated the threat. Data loss prevention is a category of information security products that has matured from Web / email content filtering products …

Are organizations with higher exposure to online porn and gambling more likely to have a higher incidence of data breach incidents? On the heels of recent Israeli credit card breach incidents, the reports of suspected fraud and money laundering at ICC CAL are bad timing at the very least for Israeli security and compliance. Last …

Software Associates specializes in helping medical device vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and mobile environments. There are 6 key business requirements for medical device security: Prevent data leakage of ePHI (electronic protected health information) via the device itself, the management system and or the …

Been a couple weeks since I blogged – have my head down on a few medical device projects and a big PCI DSS audit where I’m helping the client improve his IT infrastructure and balance the demands of the PCI auditors. Last year I gave a talk on quantitative methods for estimating operational risk of …

I met with Maryellen Ariel Evans last week. She was in Israel on vacation and we had coffee on the Bat Yam boardwalk.   Maryellen is a serial entrepreneur; her latest venture is a security product for IBM Websphere MQ Series. She’s passionate about message queue security and I confess to buying into the vision. She …

I’ve been recently writing about why Microsoft Windows and the Microsoft monoculture in general  is a bad idea for medical device vendors – see my essays on Windows vulnerabilities and medical devices here, here and here. It is now time to slaughter one more sacred cow: SSL. One of the most prevalent misconceptions with vendors in …

ניהול אבטחת מידע בענן – על תבונה ורגישות ,ממשל נתונים הוא דרישה הכרחית להגנה על נתונים כשעוברים למחשוב בענן. קביעת מדיניות ממשל נתונים היא בעלת חשיבות מיוחדת במודל העבודה של מחשוב ענן שמבוסס על אספקת שירותים בתשלום ליחידת צריכה, בניגוד למודל המסורתי של מערכות מידע המבוסס על התקנה, שילוב מערכות ותפעול מוצרים. יחד עם ההיצע …

First reported in the Huffington Post in November 2010, the Bank of America has set up a Wikileaks defense team after an announcement by Julian Assange that Wikileaks has information from a 5GB hard drive of a Bank of America executive. In a burst of wikipanic, Bank of America has dived into full-on counterespionage mode…15 …

With a delay of almost 10 years – SCIAM has published an article on the insider threat – WikiLeaks Breach Highlights Insider Security As one of the pioneers in the DLP space (data loss prevention) and an active data security consultant in the field since 2003 – I am not surprised when civilians like the …

Over 6 years after the introduction of the first data loss prevention products, DLP technology has not mainstreamed into general acceptance like firewalls. The cultural phenomenon of companies getting hit by data breaches but not adopting technology countermeasures to mitigate the threat requires deeper investigation but today, I’d like to examine the psychology of data security …