Tag Archives: BCP

Do Small Service Providers Scare You?

Take PCI off the table for a minute. Do you get nervous when dealing with a small service provider that performs some niche service for your company?  It doesn’t have to be cardholder data related, but it definitely needs to be some kind of data that is either regulated or is classified as something other than public—data like PII, healthcare, or even intellectual property. Smaller providers can sometimes provide higher or better security than larger ones, and that may be beneficial long term—especially when doing the value proposition. But in some cases, smaller providers are providing a niche service to a larger customer, and are operating on a skeleton crew.  Imagine if a company like Ford Motor Company selected Brando’s ...


How Much Backup Media do You Have?

Disk space is cheap.  Cheaper than it ever has been.  In fact, if you try to purchase small disks for legacy applications, you might be in for an exhaustive or expensive search. For example, I was looking to replace a 20 Gig 2.5″ PATA drive with a 40 Gig one.  Good luck!  Not only did I not find ANY PATA drives at some local big box retailers, but going to Fry’s yielded me two choices: 160 Gig or 250 Gig.  The price of both of those was cheaper than what I could find online in the 40 Gig range. With disk space being so cheap (sub $100 per terabyte) and data storage growing at insane rates, is it easier to ...


What Security Professionals can learn from BP Oil Spill

One of my favorite things to do is take a case study or real world situation and apply it to our industry or my job.  The first time I did this in earnest, I wrote Data Flows Made Easy. I was inspired by an article published in the Harvard Business Review that described the disconnect between different groups of designers and engineers ((Sosa, Manual E., Steven D. Eppinger, and Craig M. Rowles. “Are Your Engineers Talking to One Another When They Should?” Harvard Business Review, Volume 85, Number 11 (November 2007): 133-142.)).  I was somewhere on a plane (SURPRISED!?!?) and as I read through the article, it struck me that this method could be directly applied to data security and ...


The Breach You Didn’t Expect

Portions of this post originally appeared in the March 2009 Issue of the ISSA Journal. We just got our first severe weather scare of the year in Texas. A tornado was reported less than five miles from my house by spotters on February 11th. Some of my customers have facilities in Tornado Alley and have heavily fortified their data centers to take a direct hit by a tornado. Usually, the secondary data center is also in Tornado Alley. Why would you put two data centers in harm’s way? When you run the probability calculations, the likelihood of both being destroyed is about the same as an intersection in Montana having a Starbucks on every corner ((OK, I’m going out on ...

