Data getting into the wrong hands can be added to the list of life’s certainties right next to taxes. The ISACA journal article I published with Ben Halpert titled, “Mistakes Happen! Mitigating Unintentional Data Loss” highlights many of the ways data inadvertently escapes companies’ control….
Blog
85 Results Found - Page 9 of 11
Data Loss Protection – There’s a new P in DLP
We stumble upon articles— like this one, where a lost USB stick exposed Heathrow airport’s security framework and the Queen’s travel plans—every day. We read these articles, we scratch our heads, contemplating and even researching the impact. Our curiosity always returns to the same question: How in the world…
The Trichotomy of National Security, Data Privacy, and Data Protection (Part 2)
In my previous post, we discussed in broad terms how the current silos of security solutions don’t really work in today’s cloud-first, mobile-first world. To really understand those limitations, we need to walk through a couple scenarios using vastly different ecosystems. What will be clear is…
Beyond Compliance
295 days from the time I am writing these words is the beginning of enforcement for GDPR. By the time this is posted to the web, that number will be smaller. There will be fewer days still once you read this. Time is a funny…
Context-Based Entitlements Prevent Accidental Data Disclosure and Exhibit the Best of Privacy by Design
So much has been written about the damage caused by accidental data disclosure and also the need to design privacy controls into business systems and processes to prevent these mistakes. We’d like to focus here on two real-world examples that illustrate how companies can leverage the…
Defense-in-Depth: Stemming Leaks of Sensitive Data from Cloud Storage (Part 3)
In the first and second part of this blog series, we talked about the benefits from using cloud storage, but also the concerns that organizations face when considering adopting it. We showed several incidents where data was stored in cloud storage and it was generally accessible. These incidents highlight…
Strategic, Not Tactical Security
The message of strategic security shared by PwC at a 2013 ISACA conference is just as relevant today as it was when it was presented almost 4 years ago. Looking through a strategic lens, solution developers and enterprises can drive ROI through control rationalization and…
Planning for Emerging Risks in the 2018 Audit Cycle
The end of the year is approaching and planning for the final risk assessment and 2018 audit plan will start soon. With penalties of up to 4% of world-wide revenue, General Data Protection Regulation (GDPR) can’t be ignored. This regulation applies to all companies processing the personal…