Trends – security and movie stars, Manuela Arcuri and Monica Bellucci, Verisign and McAfee. Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations. But, information security is also a lot like fashion with cyclical …
Obama’s National Strategy for Trusted Identities in Cyberspace In April President Obama signed the National Strategy for Trusted Identities in Cyberspace (NSTIC) which charts a course for the public and private sectors to collaborate on raising the level of trust associated with identity in online transactions. NSTIC focuses on upgrading outdated password-based authentication systems and …
In a recent PCI seminar I attended, the speaker (who hails from the European PCI Security Council) claimed that most European businesses were in a very bad place in terms of their data security but that the ultimate business objective is 100 percent compliance. I’ve heard similar pronouncements from industry analysts like Forrester. This is problematic for …
switched.com is having trouble understanding the attack vector of a data breach. They apparently believe that software vulnerabilities can be mitigated by consumers “actively protecting their information”. Hackers recently attacked WellPoint, a health insurer which reportedly covers 34 million people. As a result of the breach, the company notified 470,000 individual customers that confidential information, …
There is a lot to be said for preventing data loss at the point of use but if you are considering endpoint DLP (data loss prevention), I recommend against buying and deploying an integrated DLP/anti-virus endpoint security agent. This is for 4 reasons: Bloatware/system resource consumption – if you’re concerned with anti-virus system resource usage, …
What is interesting, and generally overlooked, is the cultural difference between the US and the rest of the world. The Europeans prefer a more nuanced approach stressing discipline and procedures; the Americans are compliance driven and IT top heavy. I imagine if you look at DLP sales – 98% are in the US, being (right or …
A client recently asked: How do I assign a dollar value to an asset? … Should I use the purchase value of the asset, replacement value or expected damage to the company if the asset were stolen or exploited? Estimating asset value is without doubt the most frequent question we get when it comes to calculating data …
In music, dissonance is sound quality which seems “unstable”, and has an aural “need” to “resolve” to a “stable” consonance. Leading up to the Al Qaeda attack on the US on 9/11, the FBI investigated, the CIA analyzed but no one bothered to discuss the impact of Saudis learning to fly but not land airplanes. …
I was talking to Ilan Meller from Identiwall recently. Ilan was an SVP at CA and his latest company is doing serious work with strong identity and authentication management. They have over a million installed home banking users in Israel. Ilan told me about three product lines – Identiwall for Secure online transactions, Identiwall VPN …
For fear of becomming (sic) the next victim of identity theft, 150 million U.S. consumers don’t bank online, according to experts. But the banking industry could improve profitability by as much as $8.3 billion per year if banks build consumers’ confidence in online security, according to the TriCipher Consumer Online Banking Study, conducted by Javelin Strategy …