Tag: data security breaches

  • 10 ways to detect employees who are a threat to PHI

    Software Associates specializes in software security and privacy compliance for medical device vendors in Israel.   One of the great things about working with Israeli medical device vendors is the level of innovation, drive and abundance of smart people. It’s why I get up in the morning. Most people who don’t work in security, assume […]

  • Encryption, a buzzword, not a silver bullet

    Encryption,  buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider 4 encryption components on the server side: passwords, tables, partitions and  inter-tier socket communications. In these 4 components of a application / database server encryption policy, note that some countermeasures are […]

  • Why data security regulation is bad

    The first government knee-jerk reaction in the face of a data breach is to create more government privacy compliance regulation.  This is analogous to shooting yourself in the foot while you hold the loaded weapon in one hand and apply band-aids with the other. Democracies like Israel, the US and the UK have “a tendency […]

  • Insecurity by compliance

    If a little compliance creates a false sense of security then a lot of compliance regulation creates an atmosphere of feeling secure, while in fact most businesses and Web services are in fact very insecure. Is a free market democracy doomed to suffer from privacy breaches – by definition? My father is a retired PhD […]

  • The Israeli credit card breach

    There are 5 reasons why credit cards are stolen in Israel. None have to do with terror; 4 reasons are cultural and the 5th is everyone’s problem: “confusing compliance with security“. I  could write a book on mismanagement of data governance and compliance, data security, web server security, web application software security. In 2003, I […]

  • Monica Belluci and Security

    Trends –  security and movie stars, Manuela Arcuri and  Monica Bellucci, Verisign and Mcafee. Information security and  risk analysis is complex stuff, with multiple dimensions  of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships.  This is why it’s hard to sell security to organizations. But, information security is also a lot like fashion with cyclical […]

  • Defining the insider threat

    One of the biggest problems facing organizations is lack of rigorous definitions for trusted insider threats, data loss and how to estimate potential damage from a data loss event. With a lack of rigorous definitions for data loss and trusted insider threats, it’s hard to benchmark with other companies and difficult to select a good […]