Posts Tagged ‘data loss’

Compliance and Information Security: Common Sense Confirmed

Thursday, July 26th, 2007

So many times I’ve heard business leaders complain that the data protection requirements within the multiple laws and regulations only hurt business; that they are not necessary and have no true impact on really protecting data…they are just bureaucratic hoops forced upon businesses to placate the politicians’ constituents by lawmakers who know nothing about the nuts and bolts of implementing information security…and that the cost of compliance is only hurts the business’ bottom line.


Avoid Some Common Email Pitfalls

Friday, June 8th, 2007

There are increasing reports of email misuse, malicious use, mistaken use, and just plain bad implementations of email systems that allow the many outside threats and desperado insiders to exploit vulnerabilities.
It is most common for information assurance pros to be fairly diligent in trying to keep malware out of the enterprise network through scanning and filtering emails, and it is good to see that it is also becoming a growing trend to try and prevent sensitive data from leaving the enterprise, “leaking” is the current buzzword of choice, by using scanning and encryption. However, there are many other email mishaps and business damage that can occur through the use, or misuse, of email that can have negative business impact and legal implications.


Obscure Email Security Issues: Whitehouse Provides Lessons in Email Management Practices and Using Non-Business Email Accounts to Conduct Business

Sunday, April 15th, 2007

So much is in the news lately related to information assurance it is hard to pick which one to share my thoughts about. However, the misuse of email, managing email, and the maintenance of email systems, which I know I’ve already talked about recently, just keeps bubbling to the top of concerns.
Throughout last week and over the weekend while watching the news programs, listening to the political pundits, and reading various news magazines there has been much talk about how perhaps millions of Whitehouse emails have seemed to have vanished, along with discussion about the use of non-Whitehouse systems for Whitehouse business emails.


Obscure Email Security Issue: 5 Lessons About Re-using Email Addresses

Thursday, April 12th, 2007

Does your organization ever re-use email addresses whenever someone leaves the company? Do you know that some of your customers‚Äô and personnel’s email service providers re-use email addresses when their subscribers leave? Probably more than you realize.


Preventing Data Leakage Through Email and Instant Messaging

Tuesday, March 13th, 2007

Incidents continue to accumulate and hit the daily headlines. Many of them involve the loss of sensitive information through some type of messaging activity. The losses can have devastating impacts to business.
The messaging-related incidents are sometimes technology-based, such as social-engineering tactics through instant messaging (IM) communications, sometimes they pre-meditated malicious activities, and sometimes they are just plain ol’ “OOPS!! What the heck did I just do!!!!???” types of situations.


New Benchmark Research Report Released Today from IT Policy Compliance (ITPC): “Taking Action to Protect Sensitive Data”

Wednesday, March 7th, 2007

Today IT Policy Compliance released a new benchmark research report, “Taking Action to Protect Sensitive Data.”
I had the great oppportunity to not only have a sneak peak at the report, but also to speak yesterday about the report with Jim Hurley, the Managing Director for IT Policy Compliance who authored the report, and Heriot Prentice, Director of Technology at The Institute of Internal Auditors (IIA) which is one of the sponsors for the IT Policy Compliance site.