How To Valuate Crucial Information Assets
By Danny Lieberman, Security Expert and Founder of Software Associates
Estimating asset value is without doubt the most frequent question we get when it comes to calculating data security risk in monetary terms. A common mistake made by marketeers who work for data security vendors is to estimate the cost of a data security breach as the number of records multiplied by some plug number. The cost of a data security breach to a company is not the same as the cost of a customer data record breach to a customer…
Is Information Protection Even Possible?
By Danny Lieberman, Security Expert and Founder of Software Associates
The author of a ComputerWeekly article correctly identifies that it’s easier to access data and leak it than it is to modify or delete data. However, the notion that data is out of control in the corporate world is an overreaction, and does an injustice to most businesses.
Data Breaches Show PCI DSS Ineffective
By Danny Lieberman, Security Expert and Founder of Software Associates
Are companies assuming that a data security breach is cheaper than security? If PCI is a failure, it is not because it doesn’t prevent credit card theft; there is no such animal as a perfect set of countermeasures. PCI is a failure because it does not force a business to use its common sense and ask practical, common-sense business questions.
PCI Compliance Does Not Equal Security
By Danny Lieberman, Security Expert and Founder of Software Associates
I recently saw an article entitled Compliance is the New Security Standard. The basic thesis of the blog post was that since companies have to spend money on compliance, they might as well spend the money once and rename the effort “security”. This is an interesting notion – although perhaps “placebo security” might be a cheaper approach. Compliance is not equivalent to security for several fundamental reasons…
Software Defects Still Key Factor in Data Loss
By Danny Lieberman, Security Expert and Founder of Software Associates
The root cause of application security vulnerabilities is usually design bugs, and often there are implementation defects. The empirical data showed that software bugs accounted for over 55% of the contributing vulnerability to the event (see the Business Threat Modeling study).
Industry Should Share Data Loss Information
By Danny Lieberman, Security Expert and Founder of Software Associates
People and their employers are unwilling to discuss the details of security events that happened, their security vulnerabilities, the damage in dollars that was actually caused, how the events were discovered, how the threats that exploited the vulnerabilities were mitigated and most importantly – how well their current security products perform.
SUPERAntiSpyware Issues Online Safe Scan
From Mike Duncan, Director of Business Development at SUPERAntiSpyware
SUPERAntiSpyware.com, a Pacific Northwest developer of state-of-the-art anti-spyware solutions, has released SUPERAntiSpyware Online Safe Scan, a powerful new tool in the fight against the latest and particularly difficult malware infections.
Fragmentation of Knowledge Spurs Breaches
By Danny Lieberman, Security Expert and Founder of Software Associates
It’s almost a cliche to say that the security and compliance industry has done a poor job in preventing data breaches of over 245 million personal records in the past 5 years. Fragmentation of knowledge leads to waste and duplication, as well as frustrating, expensive and sometimes dangerous experiences for companies facing a data loss event.
Information Security in a Post 9-11 World
By Danny Lieberman, Security Expert and Founder of Software Associates
This is the 8th anniversary of the Al Qaeda attack on the US in New York on 9/11/2001. The world today is more connected, more always-on, more accessible…and more hostile. There are threats from Islamic terror, identity theft, hacking for pay, custom spyware, mobile malware, money laundering and corporate espionage. For those of us working in the fields of risk management, security and privacy, these are all complex challenges in the task of defending a business.


