There’s been a lot going on in the industry since we last covered the Data Security Lifecycle, and it’s been far too long since the previous post. Today we’ll finish off our discussion of the controls technologies, and in our next post we’ll discuss supportive technologies, like Identity and Access Management and network encryption, that don’t fit neatly into the lifecycle itself. Since it’s been a while, here are links to the rest of the series:
Based on extensive feedback, these rules are now much improved over the initial draft. Thanks, all!
All the versions of this post are getting out of hand, so Rich has provided a permanent URL for the current Leopard ipfw post for future reference. Please use that link, so future visitors get the latest and greatest.
I’m working on a project where I’m having to codify some of my thoughts on the rise of the data security markets, and I’m lumping in application security since I consider the line between those two disciplines far grayer than we usually admit.
Ah, the silly season of predictions. Rothman has a roundup of the early entries, and I’ll have more to say on that particular subject in my monthly Dark Reading column (should be up next week).
I was amused to get this in the mail today. Since I’m not a total bastard, I’ve removed the header and sender’s name.
This is just awesome.
The MPAA illegally used GPL-licensed code in their University Toolkit (the license required release of the source code for any derivatives). They refused to respond to requests to comply with the license, and a developer issued a DMCA takedown notice to the MPAA’s internet service provider, who shut down the site.
Adrian Lane, frequent commenter on this blog, wrote about the desire for real case studies of breaches.
I’ve been spending a lot of time digging through breach statistics and all the public information on some major breaches in order to come as close as possible to root cause analysis. While I love the Attrition database and the Privacy Rights Clearinghouse, they are only able to enter what little data makes it into the public light. It makes for a nice Star Wars spoof, and is absolutely…
Today, in cooperation with SANS, Securosis is releasing Understanding and Selecting a Data Loss Prevention Solution. This is a compilation of my 7-part series on DLP, fully edited with expanded content, just like one of those DVD boxed sets!
On Monday I’m giving a presentation on data breaches at the SANS Encryption Summit (only a couple of hours after I keynote the DLP Summit).
I was talking with someone recently who rolled out whole-disk encryption to meet a compliance need. Someone told them they needed to encrypt, so they encrypted.