Do you run an e-commerce site? Are you sure you do not store any payment card data or PII (personally identifiable information) in some MySQL database? The first step in protecting credit card and customer data is to know what sensitive data you really store, classify what you have and set up the appropriate security …
Read more »IT is about executing predictable business processes. Security is about reducing the impact of unpredictable attacks to a your organization. IT and security adopt a common goal and a common language – a language of customer-centric threat modelling Typically, when a company ( business unit, department or manager) needs a line of business software application, IT …
Read more »Are technical privacy controls a substitute for responsible human behavior? In the business environment, management leadership from the front on data security and privacy is a more effective (as in cheaper and stronger) countermeasure than technology when it comes to mitigating trusted insider threats. In the family environment, we traditionally see parents as responsible for …
Read more »Software Associates specializes in helping medical device vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and mobile environments. There are 6 key business requirements for medical device security: Prevent data leakage of ePHI (electronic protected health information) via the device itself, the management system and or the …
Read more »What do Anat Kamm, Ehud Barak and Meir Dagan have in common? Ehud Barak is current Israeli Minister of Defense, former IDF Chief of Staff and former Prime Minister that led the disastrous withdrawal from Lebanon that fomented Intifada II and then Lebanese War II. Barak is famous for quotes like “If I was a Palestinian, I …
Read more »Clay Shirky writes on Foreign Affairs this week Arguing for the right of people to use the Internet freely is an appropriate policy for the United States, both because it aligns with the strategic goal of strengthening civil society worldwide and because it resonates with American beliefs about freedom of expression By switching from an …
Read more »Been a couple weeks since I blogged – have my head down on a few medical device projects and a big PCI DSS audit where I’m helping the client improve his IT infrastructure and balance the demands of the PCI auditors. Last year I gave a talk on quantitative methods for estimating operational risk of …
Read more »Ethical breaches or data breaches. I was standing in line at Ben Gurion airport, waiting for my bag to be x-rayed. A conversation started with a woman standing next to me in line. The usual sort – “Where are you traveling and what kind of work do you do?”. I replied that I was traveling …
Read more »One year ago this time was World Cup season and Mondial fever put a lot of regional conflicts on the back burner for a month – not to mention put a dent in a lot of family budgets (husbands buying the latest 60 inch Sony Bravia and wives on retail therapy while the guys are …
Read more »It is often assumed that the problem of data retention is about how to backup data and then restore it quickly and accurately, if there is a security event or system crash. But, there are important cases, where the best data retention strategy is not to backup the data at all. The process of backup …
Read more »