Risk and strategy | Software Associates.

Home » Blog » Risk and strategy

ניהול אבטחת מידע בענן – על תבונה ורגישות

Posted in: Data leakage, Information security|Tags: Cloud computing, Cloud security, couchdb, data governance, Data loss, Microsoft, MySQL, Oracle, Postgresql, Risk and strategy|By: Danny Lieberman|February 25, 2011No Comments

ניהול אבטחת מידע בענן – על תבונה ורגישות ,ממשל נתונים הוא דרישה הכרחית להגנה על נתונים כשעוברים למחשוב בענן. קביעת מדיניות ממשל נתונים היא בעלת חשיבות מיוחדת במודל העבודה של מחשוב ענן שמבוסס על אספקת שירותים בתשלום ליחידת צריכה, בניגוד למודל המסורתי של מערכות מידע המבוסס על התקנה, שילוב מערכות ותפעול מוצרים. יחד עם ההיצע …

Small business data security

Posted in: Compliance, Internal security, Technology|Tags: Anti-Fraud, business threat modeling, Checkpoint, Cisco, counterfeiting, data breach, Data leakage, Data retention, data security, IT Governance, Microsoft, Risk and strategy, Threat modeling|By: Danny Lieberman|January 4, 2011No Comments

Here are 7 steps to protecting your small business’s data and and intellectual property in 2011 in the era of the Obama Presidency and rising government regulation. Some of these steps are about not drinking consultant coolade (like Step # 1- Do not be tempted into an expensive business process mapping project) and others are adopting best practices …

How to assess risk – Part II: Use attack modeling to collect data

Posted in: Risk Assessment|Tags: attack modeling, ethics, HIPAA, ISO 27001, PTA, risk a, Risk and strategy, Threat modeling|By: Danny Lieberman|December 6, 20101 Comment

In my article – “How to assess risk – Part I: Asking the right questions”, I talked about using attack modeling as a tool to collect data instead of using self-assessment check lists. In this article, I’ll drill down into some of the details and provide some guidelines on how to actually use attack modeling …

Professional skill sets

Posted in: Information security, Mountain biking, Music|Tags: ethics, Physical security, Risk and strategy, Risk management|By: Danny Lieberman|July 30, 20107 Comments

We spent the past week in Tzfat (Safed) – situated in the northern part of Israel and with a 900meter elevation, the weather is cool and dry and a welcome relief from the humidity and heat of Tel Aviv. We met a couple at dinner one evening – the husband is a retired aerospace software …

Knowledge Prostitution

Posted in: Anti-Fraud, Compliance, Information security|Tags: collaboration, data security, EU privacy, Pharmaceutical, Risk and strategy, social media, Social Networking|By: Danny Lieberman|November 5, 2009No Comments

After a discussion with a client today about privacy and data security in social networking, I started looking at physician portals and came across a fascinating post from Dr. Scott Shreve – Knowledge Prostitution enabling Aggregated Voyeurism: Is this a Business Model? Voyeurism (voi-yûr’ ĭz‘əm) n. 1. The practice in which an individual derives pleasure from …

The threat behind the House Tri-Committee Bill on Health Care

Posted in: Physical security|Tags: business threat modeling, data loss prevention, DLP, Pharmaceutical, Risk and strategy, Risk management, Social Networking|By: Danny Lieberman|July 24, 2009No Comments

Don’t ask me why, but I was invited (and joined) the Pakistan Networkers group on LinkedIn. I see all kinds of cool job opportunities in the Emirates which I can’t really take but the traffic is interesting. I saw this picture in a post today from the Pakistan Networkers group. It graphically describes the complexity …

Are you a leader or a friend?

Posted in: Risk management, Threat modeling|Tags: Leadership training, Risk and strategy, Small Business|By: Danny Lieberman|April 13, 20091 Comment

Although I served in the Israeli Army – I was what they called a “simple soldier”, a communications tech in a van. Our officer was glad that we kept things working – and that was fair enough we thought. After grad school, serving in the armies of high-tech samurai, I learned that commanders fight with …

Understanding culture reduces risk

Posted in: Privacy, Risk Assessment, Risk management, Risk mitigation|Tags: corporate culture, People Risk, Risk and strategy, Risk management|By: Danny Lieberman|January 5, 20093 Comments

It’s during the war on Hamas in Gaza and I got on a thread on a blog about why Islam is so violent. I explained that there are fundamental ideological differences between Islam and Judaism. For starters – Islam values land but not human life, Jews value human life and are willing to compromise on …

Deciding how much Risk is Acceptable

Posted in: Data leakage, Information security, Risk Assessment, Risk management|Tags: Control Policy, ISO 27001, RIF, Risk and strategy, Risk Assessment, Risk management|By: Danny Lieberman|November 19, 20081 Comment

The VCs all around are saying we’re headed into a nuclear winter. What kind of risk are you creating when you fire the IT security officer? When a company decides to fire a big piece of it’s work force – it’s to reduce costs in anticipation of reduced revenues. Risk management and IT governance runs …

Archives