Beyond the firewall – data loss prevention What a simple idea. It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, then you’ve mitigated the threat. Data loss prevention is a category of information security products that has matured from Web / email content filtering products …
Read more »Software Associates specializes in helping medical device vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and mobile environments. There are 6 key business requirements for medical device security: Prevent data leakage of ePHI (electronic protected health information) via the device itself, the management system and or the …
Read more »Let’s start with the short version of the answer – use your common sense before reading vendor collateral. I think PT Barnum once said “There is a sucker born every minute” in the famous Cardiff Giant hoax – (although some say it was his competitor, Mr. George Hull. Kachina Dunn wrote how Microsoft got security …
Read more »Here are 10 steps to protecting your organization’s privacy data and intellectual property. As a preface, begin with the understanding that you already have all the resources you need. Discussions with colleagues in a large forensics accounting firm that specialize in anti-fraud investigations, money laundering and anti-terror funding (ATF), confirm what I’ve suspected for a …
Read more »A presentation I gave at the Israeli CISO forum, on how to prevent data breaches when you outsource your I.T operation and/or software development group. Click here to download the presentation
Read more »A common question for a large company that needs to protect intellectual property from theft and abuse is choosing the right balance of technology, process and procedure. It has been said that the Americans are very rules-based in their approach to security and compliance where the the Europeans are more principles-based. This article presents a …
Read more »A customer case study – SOX IT Compliance We performed a Sarbanes-Oxley IT top down security assessment for a NASDAQ-traded advanced technology company. The objectives for the study were to evaluate the internal and external threats that impact the company’s information assets. Using the Business threat modeling (BTM) methodology, a practical threat analysis PTA threat model was constructed and a number …
Read more »A customer case study - DLP helped diamonds.com be more secure and more competitive. We designed and implemented a large scale IT infrastructure modernization project that was tasked with improving availability, scalability and security of the online diamond trading networks at diamonds.com and diamonds.net. Network DLP appliances were deployed in the US and in EMEA …
Read more »I think that Data Loss Prevention is great way to detect and prevent payment card and PII data breaches. Certainly, all the DLP vendors think so. Only problem is, the PCI DSS Council doesn’t even have DLP in their standard which pretty much guarantees zero regulatory tail wind for DLP sales to payment card industry …
Read more »Ethical breaches or data breaches. I was standing in line at Ben Gurion airport, waiting for my bag to be x-rayed. A conversation started with a woman standing next to me in line. The usual sort – “Where are you traveling and what kind of work do you do?”. I replied that I was traveling …
Read more »