Archive for the ‘Classification’ Category

What is the True Cost of a Data Breach?

Wednesday, May 14th, 2014

This week, TITUS released an infographic that contains some sobering figures about the true cost of a data security breach. While lost data can mean lost intellectual property (which is hard to place an accurate value on), it most certainly would include fines, expensive customer communications, lawsuits, and an evaluation of technology and/or policy.  All totaled, the Ponemon Institute’s 2014 Cost of a Data Breach Study pegs the cost of a lost record in the US at $195 per record – up from $188 in 2013.
(more…)

Easily Transition from UK GPMS to GSC

Thursday, April 3rd, 2014

Effective April 2, 2014, the new UK Government Security Classifications (GSC) policy replaces the previous Government Protective Marking Scheme (GPMS). The new policy requires the classification of Her Majesty’s Government (HMG) information assets into one of three types: OFFICIAL, SECRET, and TOP SECRET. This classification scheme, simplified from the previous GPMS seven-level classification scheme, will help ensure that government staff, contractors, and service providers can more easily safeguard information.
(more…)

Security is a Business Imperative, Not an IT Task

Thursday, November 21st, 2013

I’ve noticed a distinct theme throughout a number of different analyst report I’ve recently read  -  that the protection of information and data assets is a business task which needs guidance from the business unit leaders. Take as an example…

As executives see more and more media coverage of data breaches and security incidents, the inevitable question is: “What are we doing to make sure that doesn’t happen to us?”

Contrary to 2012 when privacy responsibility was shifting to an organization-wide accountability, in 2013 it’s falling more onto the security group within enterprises. [It’s] a matter of concern if more and more enterprises deem the security group fully responsible for privacy and regulations. Ensuring privacy requires a union of technology, policy, and culture, and a harmony between many business units from security to legal to HR to employees.

-          Understand the State of Data Security and Privacy: 2013 to 2014 (Forrester)

(more…)

The Evolution of Classification

Wednesday, October 23rd, 2013

Last week, the lead whitepaper in TechTarget’s Daily Top 5 was titled, How to Tackle Information Classification – published by the Jericho Forum. Naturally, I was interested to see what it had to say and eagerly downloaded it only to find that it was originally published in January 2009 – almost 5 years ago. Despite its age, the whitepaper is a solid introduction to information classification, the benefits and the challenges. In particular, it provides confirmation that classification is the lynchpin to successful security in a “de-perimeterised environment.” But there were a few areas where it was a bit, shall we say, “stale.” The Jericho Forum whitepaper identified some problems which, in the years since it was published, have been successfully addressed.

Let’s look at the three main problems areas that the Jericho Forum whitepaper identified: (more…)

Stop Guessing the Value of Your Data

Thursday, October 17th, 2013

It is budget season and I have been wondering: how does a company prioritize their data security spend? Unlike building the business case for revenue generating activities, like a new sales plan or a new product, the business case for data security is difficult to quantify. Why? Because it is focused on limiting loss – but it is difficult to both, a) put a value to your data, and b) estimate the cost of a breach.

Legal obligations force a “value” on certain data, so it is fair to say that the cost and effort to protect this data is a good minimum budget. But is that enough to protect the rest? (more…)

Changes to ITAR compliance coming

Tuesday, September 17th, 2013

In October, there will be two new rules affecting the Export Control Reform made by the Departments of State and Commerce. On October 15, jurisdiction of many military items, which have been deemed less sensitive, will be moved from the U.S. Munitions List and governed by the State Department’s International Traffic in Arms Regulations (ITAR), to be on the Commerce Control List that is governed by the Commerce Department’s Export Administration Regulations (EAR). The 600 Series classification provisions will allow this to happen, as it will mandate sweeping changes to the affected items, such as a “catch-and-release” definition of items that are controlled for defense and trade purposes.

“While there is still more work to be done, taken together, these reforms will focus our resources on the threats that matter most, and help us work more effectively with our allies in the field,” President Obama said at the Department of Commerce Annual Export Controls Update Conference. “They’ll bring transparency and coherence to a field of regulation which has long been lacking both.”
(more…)

Your Success Is Tied to Your Intellectual Property; Is Your IP Tied to You?

Friday, July 19th, 2013

A few years back my wife and I spent a great deal of time and effort writing a business plan. We researched the market place, analyzed the threat from local competitors and built the financial and resourcing plans that would ensure our success. When we were done, we shared the plan with our potential investors (friends and family).

Happily, when we shared our plan it received an enthusiastic response. Unhappily, it was so well received that one of our friends thought to share our business plan with some of his work colleagues.

Yikes!
(more…)