Is Information Protection Even Possible?

December 17, 2009 by ADMIN · 1 Comment

By Danny Lieberman, Security Expert and Founder of Software Associates

The author of a ComputerWeekly article correctly identifies that it’s easier to access data and leak it than it is to modify or delete data. However, the notion that data is out of control in the corporate world is an overreaction and does an injustice to most businesses.

Data Breaches Show PCI DSS Ineffective

December 10, 2009 by ADMIN · 2 Comments

By Danny Lieberman, Security Expert and Founder of Software Associates

Are companies assuming that a data security breach is cheaper than security? If PCI is a failure, it is not because it doesn’t prevent credit card theft; there is no such animal as a perfect set of countermeasures. PCI is a failure because it does not force a business to use its common sense and ask practical, common-sense business questions.

PCI Compliance Does Not Equal Security

October 28, 2009 by ADMIN · 8 Comments

By Danny Lieberman, Security Expert and Founder of Software Associates

I recently saw an article entitled Compliance is the New Security Standard. The basic thesis of the blog post was that since companies have to spend money on compliance, they might as well spend the money once and rename the effort “security”. This is an interesting notion – although perhaps “placebo security” might be a cheaper approach. Compliance is not equivalent to security for several fundamental reasons…

Reality to Palin: Anybody In There?

November 22, 2008 by ADMIN · Leave a Comment

Feature By Kevin M Nixon, MSA, CISSP, CISM, ♦ ISR Master Security Editor

“Now, think about the current state of the global economy. If publicly-traded Corporations use these services and do not disclose the risk in their Sarbanes-Oxley (SOX) disclosures to the Securities and Exchange Commission (SEC) they are committing a Crime and deserve the fines and deserve to serve the time in prison as stipulated by law. We hear calls for stiffer regulations, oversight and transparency, but do we really know how much of our private information is “out walkin’ around” already?”

Wait - The Palin Story Gets Worse…

November 22, 2008 by ADMIN · Leave a Comment

Feature By Kevin M Nixon, MSA, CISSP, CISM, ♦ ISR Master Security Editor

“Once the Governor began transmitting information in an unprotected manner via her personal web-based email account, which was outside the State of Alaska’s highly secure and well protected network, there was no way to guarantee the safety and integrity of those data floating in cyber-space. In other words, there was no way for the Governor or other state employees to know if the information which was being transmitted was being intercepted and read by someone who was not authorized under the State’s Data Security Policies and Procedures or the Federal Data Privacy Laws.”