Advantages of Data-Focused Risk Assessments

February 2, 2010 by ADMIN

By Danny Lieberman, Security Expert and Founder of Software Associates

The detailed reasons why people fail at DLP implementations merit a separate post – but it’s a lot like why over 50% of the content management implementations from vendors never made it to production in the 90s – the root cause was that there was no real business case for the technology. Unlike business processes – data risk cannot be outsourced.

How To Valuate Crucial Information Assets

January 13, 2010 by ADMIN

By Danny Lieberman, Security Expert and Founder of Software Associates

Estimating asset value is without doubt the most frequent question we get when it comes to calculating data security risk in monetary terms. A common mistake made by marketeers who work for data security vendors is to estimate the cost of a data security breach as the number of records multiplied by some plug number. The cost of a data security breach to a company is not the same as the cost of a customer data record breach to a customer…

Is Information Protection Even Possible?

December 17, 2009 by ADMIN · 1 Comment

By Danny Lieberman, Security Expert and Founder of Software Associates

The author of a ComputerWeekly article correctly identifies that it’s easier to access data and leak it than it is to modify or delete data. However, the notion that data is out of control in the corporate world is an overreaction, and does an injustice to most businesses.

Data Breaches Show PCI DSS Ineffective

December 10, 2009 by ADMIN · 2 Comments

By Danny Lieberman, Security Expert and Founder of Software Associates

Are companies assuming that a data security breach is cheaper than security? If PCI is a failure, it is not because it doesn’t prevent credit card theft; there is no such animal as a perfect set of countermeasures. PCI is a failure because it does not force a business to use its common sense and ask practical, common-sense business questions.

DLP is Short for Disturbing Lack of Process?

November 12, 2009 by ADMIN · 1 Comment

By Danny Lieberman, Security Expert and Founder of Software Associates

The question is not lack of process but whether or not security is being used to help enforce business process in the relevant areas of product safety, customer service, employee workplace security and information protection in business-to-business relationships.

PCI Compliance Does Not Equal Security

October 28, 2009 by ADMIN · 8 Comments

By Danny Lieberman, Security Expert and Founder of Software Associates

I recently saw an article entitled Compliance is the New Security Standard. The basic thesis of the blog post was that since companies have to spend money on compliance, they might as well spend the money once and rename the effort “security”. This is an interesting notion – although perhaps “placebo security” might be a cheaper approach. Compliance is not equivalent to security for several fundamental reasons…

The High Cost of HIPAA Privacy Violations

October 21, 2009 by ADMIN · 4 Comments

By Danny Lieberman, Security Expert and Founder of Software Associates

Data security vendors like McAfee, IBM, Fidelis Security, Symantec, Verdasys, Reconnex, Vericept, Raytheon, Websense and Checkpoint have written thousands of white papers on how their data security products can help an organization be HIPAA compliant, but log management cannot mitigate dumpster-diving, nor can it prevent bulk database dumps and file transfer.

Software Defects Still Key Factor in Data Loss

October 7, 2009 by ADMIN · 1 Comment

By Danny Lieberman, Security Expert and Founder of Software Associates

The root cause of application security vulnerabilities is usually design bugs, and often there are implementation defects. The empirical data showed that software bugs accounted for over 55% of the contributing vulnerability to the event (see the Business Threat Modeling study).

Industry Should Share Data Loss Information

September 23, 2009 by ADMIN · 1 Comment

By Danny Lieberman, Security Expert and Founder of Software Associates

People and their employers are unwilling to discuss the details of security events that happened, their security vulnerabilities, the damage in dollars that was actually caused, how the events were discovered, how the threats that exploited the vulnerabilities were mitigated and most importantly – how well their current security products perform.

Fragmentation of Knowledge Spurs Breaches

September 15, 2009 by ADMIN · 1 Comment

By Danny Lieberman, Security Expert and Founder of Software Associates

It’s almost a cliche to say that the security and compliance industry has done a poor job in preventing data breaches of over 245 million personal records in the past 5 years. Fragmentation of knowledge leads to waste and duplication, as well as frustrating, expensive and sometimes dangerous experiences for companies facing a data loss event.
