Securing the Enterprise: Crazy Ideas from the Ivory Tower

Doing security at a university is both interesting and scary.  Because you have to provide both an open environment for research and instruction, and enterprise level security for the business of the university, you really need to think way outside of the boxes that are available on the market. It occurred to me that many…

You Can’t Stop Stupid: Security in the Academic World

One would think that working in a very prestigious university would simplify the job of the security department. All you would have to do is tell people what was required and those people, with very large IQs, would understand and follow these simple (or not so simple) rules: Don’t click on stuff. Don’t open attachments…

Not Like the Others

(This is the sixth installment in an on-going examination of the first principles of data privacy and security. The first installment can be read here. The second installment can be read here. The third installment can be read here. The fourth installment can be read here. The fifth installment can be read here. These principles, often represented in regulations and privacy…

Being Data – The Principle of Participation

(This is the fifth installment in an on-going examination of the first principles of data privacy and security. The first installment can be read here. The second installment can be read here. The third installment can be read here. The fourth installment can be read here. These principles, often represented in regulations and privacy practices, form the foundation for…

Restricting Users With Admin Privileges Solves the Wrong Problem

CONTROL: Minimize the number of users with domain or local administrative privileges. Such users should use a separate unprivileged account for email and web browsing. This control is misunderstood and doesn’t solve the sensitive data protection problem. The real issue today is not “a machine has been compromised”. It’s “data on a machine has been exfiltrated…

Consent: The Part of ‘Yes’ that We Don’t Necessarily Understand

(This is the fourth installment in an on-going examination of the first principles of data privacy and security. The first installment can be read here. The second installment can be read here. The third installment can be read here. These principles, often represented in regulations and privacy practices, form the foundation for how an organization should treat the…

Have Data Will Travel

I was recently invited to speak to senior executives about traveling with electronic devices. I designed a presentation consisting of 11 slides and guessed it would take about half an hour to do. Was I wrong! It turns out that the topic generated a lot of questions and discussion. Much of which I thought would…
