Internal security, independent, effective, discreet.

Archive for the 'Risk management' Category

Fraud. Data Loss - the IT - Management Board divide.

The two biggest security issues today for a business, from both an operational and a regulatory perspective, are fraud and data loss. An insider, often colluding with an outsider, can cause large-scale damage to the business by manipulating transactions.

Read this excellent post on Israeli Software

Operational Risk

The two top categories of operational risk are Internal and External Fraud, but what IS “operational risk” exactly?

The best definition of operational risk comes from Basel II, which defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

Although originally designed for the banking system, where regulatory safeguards aim to protect against large-scale failure of the banking system and the economy, a systematic approach to operational risk management is important for any kind of organization.

Effective security and compliance without political suicide

Most organizations separate the two functions: security typically sits inside the IT department, while compliance usually reports to corporate finance or general management (in large companies, to a chief compliance office).

We believe that security and compliance operations in a company are synergistic. The question is: how can you do it without committing political suicide in your company?

Controlling risk

In a recent article published online at the JFK School of Government at Harvard, Malcolm Sparrow discussed how controlling risks is a central challenge for government regulators charged with reducing societal ills and preventing bad things from happening. Professor Sparrow notes that there does not seem to be a well-established language for risk assessment.

We think it is interesting to analyze the causes of this situation.

Best practice controls for preventing data loss

Abstract

This article reviews the main areas for concern for protecting information assets from internal threats and vulnerabilities. It starts with an anecdote from an interview with a senior manager and concludes with a recommendation for implementing an approach to protect data directly (as opposed to commonly-used methods that attempt to protect the network and limit user permissions).

Data loss prevention technologies

Abstract

Data loss prevention is a rapidly emerging network security technology area that has matured from simple regex-based Web / email content filtering products into products such as Fidelis Security Systems XPS that perform deep inspection of documents such as Microsoft Word and Adobe PDF with high levels of precision and recall.

Network security warfare - offensive security

Attack the attackers

I believe many people involved with IT security have a feeling of frustration that stems from continuously reacting to external forces: spam attacks, spyware attacks, insider threats, analyst reports and new product announcements. What should you do?

Consider the three basic tenets of IT security.