Archive for ‘Prevent Wikileaks’

Bridging the Cybersecurity Talent Gap

Thursday, July 28th, 2016

john_timmerman-ns

Recently, a colleague of mine attended the 2016 CISO Leadership Forum in San Francisco where he had the opportunity to listen to Steve Zalewski, Chief Security Architect for Levi Strauss & Co., discuss the state of his cybersecurity resources. “I don’t need more hammers,” Mr. Zalewski stated, “I need more people to swing them.” The current shortage of cybersecurity experts is creating a “perfect storm” that could spell data disaster for a lot of organizations, both public and private. While cyber threats are growing more sophisticated and dangerous, a recent Cisco report highlights that there are 1 million open cybersecurity positions globally. This is a significant talent gap that is not going to be remedied quickly and is already causing significant difficulties.

So where can a data security team find more people to swing the data security hammers?

cybersecurty shortage
(more…)

 

 

Top Data Security Blog Posts for 2011: Data Classification, Mobile Security, Data Security and Compliance, Data Loss Prevention, and Cloud Data Security

Wednesday, December 28th, 2011

As 2011 draws to a close, I thought it would be interesting to provide a list of the most popular data security articles on this blog. Here are the topics and articles that were most popular with our readers:

1) Data Classification

More and more commercial organizations have started to see data classification as the foundation of their information protection strategy. We wrote several articles about this trend, including an article that described how to implement a data classification policy in 5 simple steps, and an article that recommended best practices for defining a data classification scheme. Readers were also interested in how to use classification software to bulk classify, mark, and label large numbers of files.

2) Mobile Security

Mobile security has become a hot topic, especially with the trend toward consumerization of mobile devices. (more…)

 

 

Complying with Obama’s Executive Order to Improve Security of Classified Networks

Thursday, October 13th, 2011

On October 7, 2011 President Obama issued an Executive Order (Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information) “in order to ensure the responsible sharing and safeguarding of classified national security information (classified information) on computer networks”. This is as a result of the Wikileaks incident of last year.  One of the major focus areas of the Executive order is to reduce the possible threat of insiders leaking classified information out of the government.
(more…)

 

 

Wikileaks Guantanamo Files – How Can Security on Classified Systems be Improved?

Wednesday, May 4th, 2011

Last week saw another round of Wikileaks releases. This time secret US files on 764 detainees held at Guantánamo Bay, Cuba over the past decade have been published by the WikiLeaks website. These memoranda, which contain JTF-GTMO’s recommendations about whether the prisoners in question should continue to be held, or should be released (transferred to their home governments, or to other governments) contain a wealth of important and previously undisclosed information, including risk and health assessments.

The documents are available from WikiLeaks as PDF documents, but could well have been originally written as Microsoft Word documents. The documents have been properly classified. For example, here is a typical classification from one of the documents – S E C R E T / / NOFORN / / 20330428, which means the document is classified as Secret and should not be released to any foreign governments.
(more…)

 

 

WikiLeaks – How Classification Metadata and DLP can Help

Monday, December 6th, 2010

I’m sure everyone has heard about the recent Wikileaks of diplomatic cables.  These cables discussed diplomatic viewpoints of a number of countries.   They were embarassing to both the US and other countries quoted.

Many of the wikileaks were as a result of a single malicious leak of information by an army intelligence analyst.  Stopping malicious leaks is much more difficult than trying to stop inadvertent disclosure.  Inadvertent disclosures are mistakes, and often a warning to the user is enough to stop a leak.  Malicious users will try any method to extract and disclose information.  Some of these, such as taking a picture of the screen, or re-transcribing the infromation are almost impossible to stop.  But the thing that stands out in the wikileaks case is the massive amount of information that was leaked.  You should be able to stop a leak of this size, as some kind of alarm bells should ring when someone is trying to copy of download this much information.

Here at Titus we build software to help with inadvertent data leaks, and to make information sharing easier.  When we look at the Wikileaks case we do see a few areas where our classification solutions could have helped prevent the problem.   (more…)