Tag Archives: Palestinian violence

Brainwashed by propaganda?

I decided to update this post – after the security theater of the week with the Palestinians and Israelis – as if Israel really needs the Palestinians to recognize Israel as a Jewish State and as if not building a few houses is going to give the Palestinian leaders a reason to stop terror and live in peace.

I normally blog about data security issues – I specialize in helping medical device manufacturers secure their software, protect their patient data and comply with regulations like HIPAA.

However – the recent terror flotilla to Israel, and the double moral standard of the UN Human Rights Council condemning Israel 25 times in the past 3 years without once condemning human rights violations in Iran and Darfur – makes one pause to think.

In Israel there is a general feeling that Israelis are to blame for the world hating Israelis.


Practical information policy

Websense essential information protection

Does this look simple to you?

I think it’s time to get back to security basics after reading the news this morning.

Yesterday, there was a run of high-profile data security events: the Mozilla store data breach, the DDoS attack on Twitter and the Web defacing of the leftist Israeli Kadima party by a Palestinian cyber-terror group (the second time in the past 18 months – this seems like biting the hand that feeds you, considering the Kadima record in attempting to attain peace with appeasement and corruption).

So – let’s get back to basics.

Here is a security policy with 6 basic security countermeasures for effective enterprise information protection and data loss prevention.

  1. Change default passwords that come with applications. Change those admin/admin username/passwords and change default Oracle passwords.
  2. Forbid shared username/passwords for systems with sensitive data.
  3. Review user account privileges once a quarter. You may be surprised that a one-time privilege granted to a user is still there. In a large company – this should be done by a supervisor. Doing this will raise awareness and place more responsibility on employees and line managers.
  4. Identify critical systems and perform a software security assessment. In our data security practice in Israel and Central Europe, we have discovered that over 50 percent of data breaches were related to software bugs. Use the 7 step Business Threat Modeling methodology to do the software security assessment.
  5. Patch to operating system vendor requirements. In Windows, Ubuntu and Red Hat Linux, patching is automated and can be scheduled.
  6. Monitor for data security events on the network using the Fidelis Security XPS system (which can monitor and prevent data loss events bi-directionally inside the network or at the perimeter) or with Verdasys Digital Guardian agents at the point of use.

Reducing risk of major data loss events

Martin Hellman (of Diffie-Hellman fame) maintains the Nuclear Risk web site and has written a very insightful piece on risk analysis of nuclear war entitled Soaring, cryptography and nuclear weapons.

Hellman proposes that we need a third state scenario (instead of current state –> nuclear war) where the risk of nuclear holocaust has been reduced by several orders of magnitude from today to an acceptable level.

This makes sense, and it’s an intriguing idea as an exercise in risk analysis of information security and data protection to see if there is a third state of reduced risk where the risk of data breach and major data loss events is reduced to acceptable levels.

That’s one thing that got me thinking.

The second thing is the quote from Fyodor Burlatsky, one of Khrushchev’s speechwriters and close advisors, as well as a man who was in the forefront of the Soviet reform movement:

In Khrushchev’s eyes [America insisting on getting its way on certain issues] was not only an example of Americans’ traditional strong arm policy, but also an underestimation of Soviet might. … Khrushchev was infuriated by the Americans’ … continuing to behave as if the Soviet Union was still trailing far behind.

So here we are – 2009 and President Obama is insisting on getting his way on certain issues with the Iranians, who pose a serious nuclear threat to the world. But not only Ahmadinejad – the Russians and the North Koreans are also infuriated by the Americans’ … continuing to behave as if they are still trailing far behind.


What’s in a name?

Would someone explain the difference between Militants and Terrorist Organizations?

Do definitions matter?

The PCI DSS 1.2 standard confusingly labels anti-virus “threat management” and security folks often confuse a vulnerability (a state of weakness of an asset) with a threat (something or someone that exploits the vulnerability to cause damage to the asset). I guess it’s ok – after all, information security is not life and death like the war against Palestinian terror.

The US State Department appears to be confused – are we fighting “militants” or “terrorists”?

Here’s what I mean.

The American Embassy in Tel Aviv came out with a travel warning for US citizens in Israel on December 30, 2008:

U.S. Government Employee Travel Restrictions Due to IDF’s Gaza Operation and Longer Range-Rocket Attacks against Israel by Militants and Terrorist Organizations in Gaza

A common definition of terrorists is people who attack civilians. It seems that makes all of the Palestinian organizations terrorists, n’est-ce pas? Here’s the full announcement:

Subject: WARDEN MESSAGE FROM US EMBASSY TEL AVIV, Additional travel restrictions, longer-range rocket attacks, message dated 30 Dec 2008

Warden Message

U.S. Government Employee Travel Restrictions Due to IDF’s Gaza Operation and Longer Range-Rocket Attacks against Israel by Militants and Terrorist Organizations in Gaza

Date of Warden Message: December 30, 2008

Today’s Warden Message alerts U.S. citizens to current IDF operations in the Gaza Strip and ongoing rocket attacks from Gaza by militants and terrorist organizations into Israel. U.S. Government employees, for the time being, have been restricted from travelling within a 30 KM radius of the Gaza Strip, inside of which the vast majority of rockets and mortars have fallen. To travel inside the 30 KM radius, the Embassy’s Regional Security Officer’s approval is required. Further, no U.S. government official travel is permitted inside the Gaza Strip.

Militants and terrorist organizations in Gaza continue to launch numerous rocket and mortar attacks against Israel. On December 28 and 29, several longer-range missiles landed in Ashdod, located about 35 KM from Gaza. On December 29, a longer range missile also landed in Yavne, which is just north of Ashdod. Though USG employees’ travel is restricted to 30 KMs, American citizens should be aware that militants and terrorist groups could launch additional longer-range missiles that may land well beyond the 30 KM radius and to take appropriate security measures.
