Does this look simple to you?

I think it’s time to get back to security basics after reading the news this morning.

Yesterday, there was a  run of high profile data security events: the  Mozilla store data breach, the  DDOS attack on Twitter and Web defacing  by a Palestinian cyber-terror group on leftist Israeli Kadima party (second time in the past 18 month – this seems like biting the hand that feeds you, considering the Kadima record in attempting to attain peace with appeasement and corruption).

So – let’s get back to basics.

Here is a security policy with  6 basic security countermeasures for effective enterprise information protection and data loss prevention.

1. Change default passwords that come with applications. Change those admin/admin username/passwords and change default Oracle passwords.
2. Forbid shared username/passwords for systems with sensitive data
3. Review user account privileges once / quarter.  You may be surprised that a one-time privilege granted to a user is still there. In a large company – this should be done by a supervisor. Doing this will raise awareness and place more responsibility on employees and line managers.
4. Identify critical systems and perform a software security assessment.  In our data security practice in Israel and Central Europe, we have discovered that over 50 percent of data breaches were related to software bugs.  Use the 7 step Business Threat Modeling methodology to do the software security assessment
5. Patch to operating system vendor requirements. In Windows, Ubuntu and Red Hat Linux it’s automated and work that can be scheduled.
6. Monitor for data security events on the network using the Fidelis Security XPS system (which can monitor and prevent data loss events bi-directionally inside the network or at the perimeter) or with Verdasys Digital Guardian agents at the point of use.

Free online workshops in information security Join us for an exciting series of 6 free online workshops on data security best practices at work, at home and for SMEs – Register for the workshops now! Preventing intellectual property abuse Protecting information at pharmaceutical firms What is the right way to protect intellectual property from theft and abuse? Start by testing two hypotheses – 1) that information leakage is currently happening and 2) that a cost-effective risk mitigation plan can be defined and implemented. Read more Preventing intellectual property abuse Professional services Data loss prevention solutions For creative, effective and out-of-the-box data security solutions contact us. Ten reasons you should work with us What risks really count for your business? Use the 7 step Business Threat Modeling methodology to diagnose and quantify threats to customer data, strategic plans, marketing and pricing data. Business threat modeling information assurance Your employees send confidential documents to Gmail, but how do you quantify and mitigate the risk? The Great Financial Crisis is a new spin for security vendor PR people, but in our experience most firms don’t know what data is leaving the company. Your first step to being more robust to an unexpected, high-impact data breach isdata discovery and business threat modeling. Contact us today and learn more. Free download Business threat modeling Business management Preparing for a disaster Be prepared with a good disaster recovery plan. The DRP is designed to assist companies in responding quickly and effectively to a natural disaster or terror event and restore business as quickly as possible. Read more Preparing a disaster recovery plan. Security management If you know what your assets are worth, it’s easy to ask for, and get a discount Data security is often brushed aside due to budget limitations disregarding the value of company data assets. Take a clear position on which data assets are important and how much they’re worth to the company Read more Ten steps to protecting customer data and intellectual property. Software development risk 10 Top Mistakes of Embedded Linux Users Picking a large foreign company for support is not the best way to go for various reasons and for smaller embedded systems, Intel isn’t necessarily the best choice. Read more The 10 Top Mistakes of Embedded Linux Users make. Risk assessment IT Risk Assessment is dead Does your IT security look like TIA – a lot of senseless shooting? Risk assessment, as currently practiced in IT security, is dead, but if we take a brick and mortar approach – we can improve security at reduced costs. Read more The death of risk assessment. Join the Software Associates network today : : Contact us Subscribe to our RSS Feed Free risk assessment software

Political spin is not a sound replacement for national pride.

Translated literally from the English as the Night of Broken Glass, Kristallnacht was a pogrom  in Nazi Germany in November 9-10. That night, 82 Jews were murdered and 25,000–30,000 were arrested and deported to concentration camps.

Olmert, Livni and Peres should listen up and learn from an event that happened this Friday in Berlin.

I got this item – courtesy of Joseph Bernadette.

The Rykestrasse synagogue in Berlin was torched  on Kristallnacht. This past Friday  saw rabbis bringing the Torah to the synagogue, in a ceremony witnessed by political leaders and Holocaust survivors from around the world. The synagogue, with a capacity to seat 1,200, has been described as one of the jewels of Germany’s Jewish community. Rabbi Chaim Roswaski, who presided at the ceremony ,described the reconstruction as “a miracle.” The re-opening comes at the start of a Jewish culture Festival this week in Berlin.

Who would have thunk?

I saw a report on BNET this morning that “1/3 of US companies had no plan for the downturn”.

In Israel it’s more like 99% of companies and 100% of the government (Tzipi Livni is still clueless that anything is going on the world financial markets and Ehud Olmert and Ehud Barak have already taken profits and deposited them in an off-shore account).

A year ago I blogged about the upcoming recession – :

American Economic Association’s two-day annual meeting in New Orleans spoke of a recession as almost a given but differed over how severe it will be. Alistair Milne, a professor at the City University of London’s Cass Business School, said he’s expecting “a really weak year,” he said, the US economy won’t likely get back on track until 2010 and will require more capital from overseas.

Omer Zak has written recently about a systematic flaw in Israel’s defense strategy

I know it is fashionable the past 2-3 years to talk about not starting a war without knowing how you are going to get out or what you will do the next day “after”. Iraq, Lebanon etc…

I like Omer’s thinking, but I happen to disagree with him on two basic issues:

1) The root cause of the problem (winning wars and losing the country)

Omer is correct that Israel has a systemic problem. but  I disagree that it is Israelis agreeing on what kind of country they want.

Before we attain national consensus (and one can argue that in a true democracy there will never be total agreement on anything), we need to have leaders who can define what they want for the country, and not what they want for themselves.

Israel needs leaders with values. Sharon was a leader but his values were shady.   Olmert is not a leader and his values are corrupt and corrupting.   Livni is neither a leader nor a value role-model.  Her only qualifications for the job are that she has kept her nose clean in 7 offices; but being a woman and currying to Politically Correctness cannot cut it when the world economy is on fire. Let’s compare Livni to Sarah Palin – Sarah Palin has better hair, better fashion taste, an (albeit short) track record in Alaska (Livni’s only asset is that she has no record at all…), and is a tough public speaker (Livni doesn’t even score in this category because a) she doesn’t speak in public and b) her English is atrocious to the point of embarrassment.

We deserve better; the only way we will get good national leadership is by demanding it.

2) Why our leaders don’t lead?

Omer believes that “A consequence of the internal conflicts [in Israel] is that it is impossible for any Israeli leader to define, articulate and consistently pursue any coherent set of [war] goals.”

Olmert’s and Barak’s spin tactics cannot change the fact that they are fundamentally weak and corrupt leaders.   Weak leadership and corruption are not a result of a free-wheeling market of ideas and the  internal conflicts that ensue.

We will never get the leadership we need without getting back to basics; the basics of democracy, making Israel a country for the people, by the people and of the people.

Perhaps we have become inured to the corruption and violence, but we must remember what Thomas Jefferson wrote over 200 years ago:

“We can no longer say there is nothing new under the sun. For this whole chapter in the history of man is new. The mighty wave of public opinion which has rolled over it is new.”
–Thomas Jefferson