Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« More Security Regulations in Your Future? | Main | No More Justification Needed: It's Time for Content Filtering »

Data Loss and How Not to Spin a Security Breach

This is no way to start the week. We’re all supposed to be psyched for all the latest and greatest security tools and buzz coming out of the RSA security conference but then I find this hit-in-the-head-with-a-frying-pan little ditty on TJX-scale data breaches: (thanks to Brian Krebs’ Security Fix at the Washington Post for this memorable one):

Mallory Duncan, senior vice president of the National Retail Federation, sums up their point of view: "Most of the larger banks have very sophisticated, round-the-clock fraud monitoring systems in place, but a lot of the smaller institutions don't have those systems," he said. "These institutions have abdicated their responsibilities in this regard, and now they want retailers to pay for it."

No I didn’t take this quote from a freshman essay demonstrating the use of irony. It seems that a retailer exposing tens of millions of customer accounts is the bank’s fault. Now that I think of it, my bout of male pattern baldness started about the same time I opened my first checking account … damn that Bank of America.

Seriously though, data loss prevention is a big problem. Mike Rothman at Security Incite is more pessimistic than I am about the collective RSA response to data breaches: He thinks they’ll be a lot of talk but not much action:

There will be a lot of noise about back-end and data center security. I tend to all this "information security," and given all the privacy breaches - this will be big news. This is last year's NAC. By that I mean, we will hear a lot about it, but very few solutions. The noise will be deafening at the 2008 RSA show, and maybe we'll have something to buy by 2009.

I suspect we’ll start to see solutions sooner that leverage the tools we already have. If we can make more effective use of what we have, and if vendors can make them easy enough to use so that companies currently "abdicating their responsibilities" can get with the program, then we’ll see some progress on preventing data losses.

Tags:  
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on February 5, 2007 12:30 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/211

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net