CONTROL: Minimize the number of users with domain or local administrative privileges. Such users should use a separate unprivileged account for email and web browsing. This control is misunderstood and doesn’t solve the sensitive data protection problem. The real issue today is not “a machine has been compromised”. It’s “data on a machine has been exfiltrated…
Details(This is the fourth installment in an on-going examination of the first principles of data privacy and security. The first installment can be read here. The second installment can be read here. The third installment can be read here. These principles, often represented in regulations and privacy practices, form the foundation for how an organization should treat the…
DetailsI think that there is some confusion about the concept of privacy in a public setting. It appears to me that some people really believe that they can walk around, let’s say on the campus where they work or go to school, and that their trip will be unnoticed. Let me tell you a story.…
DetailsI was recently invited to speak to senior executives about traveling with electronic devices. I designed a presentation consisting of 11 slides and guessed it would take about half and hour to do. Was I wrong! It turns out that the topic generated a lot of questions and discussion. Much of which I thought would…
DetailsSecurity is a word that brings up many different images depending on your experience, profession or industry. At a University, not only is the context different than at a bank, but it is different depending on what you are trying to secure. I do not believe that providing security for an organization is a cookbook…
Details(This is the third installment in an on-going examination of the first principles of data privacy and security. The first installment can be read here. The second installment can be read here. These principles, often represented in regulations and privacy practices, form the foundation for how an organization should treat the customer data they collect.) We’ve both been…
DetailsAn estimated 40 percent of consumer systems are infected with malware and if your organization carries out any type of web commerce, online banking, or other type of financial transaction you must assume that your customer has malware. You can’t afford not to conduct the business so the big question is: How can you have a successful and secure transaction…
Details(This is the second installment in an on-going examination of the first principles of data privacy and security. The first installment can be read here. These principles, often represented in regulations and privacy practices, form the foundation for how an organization should treat the customer data they collect.) Imagine you belong to one of the largest,…
DetailsWe just came back from a two-week vacation in Europe; the last 3 days were spent in Florence, Italy. I say this not to make you jealous, but because the very nice boutique hotel (in a 1000 year old building) was a great example of a security principle that I speak about extensively: Match the…
DetailsSome data have always been big. Credit bureau’s have been amassing large databases on consumers for decades. The Federal agency that runs Medicare has massive databases of claims data on the medical care delivered to the elderly. Until recently, these large collections of data were generally limited to large, well known entities such as these.…
Details