Tags Archivesdata discovery

Living in a State of Compromise standard

Imagine for a second that your boss came up to you and said, “We’ve been compromised. Assume trust doesn’t exist. Now define our new security organization and architecture!” Unfortunately, it may take events like that to change our perceptions or actions when approaching securing our organizations. Depending on who you talk to, we already are living in a state of compromise. I prefer removing the element of trust form my strategy as much as I can, and focus on how I would secure a system, application, or network if I knew there were hostile elements in it. Changes your perspective a bit, doesn’t it? All of the sudden, those satellite locations start looking less like friends and more like foes. ...

Continue Reading

The Perfect World standard

I was recently asked in a meeting of the minds to describe my view of the perfect world as it related to PCI DSS. For those of you who read my work often, you may notice a few themes that I continue to write about. I believe that security is a business problem and security professionals have historically done a poor job of quantifying information security risk in a manner that makes sense to a business person. In my perfect world, companies would understand the value of the information they use to drive their business, and they would protect or transfer risk accordingly. Sounds simple on the surface, but if you have been in business in the last five years ...

Continue Reading

How Much Backup Media do You Have? standard

Disk space is cheap.  Cheaper than it ever has been.  In fact, if you try to purchase small disks for legacy applications, you might be in for an exhaustive or expensive search. For example, I was looking to replace a 20 Gig 2.5″ PATA drive with a 40 Gig one.  Good luck!  Not only did I not find ANY PATA drives at some local big box retailers, but going to Fry’s yielded me two choices: 160 Gig or 250 Gig.  The price of both of those was cheaper than what I could find online in the 40 Gig range. With disk space being so cheap (sub $100 per terabyte) and data storage growing at insane rates, is it easier to ...

Continue Reading

Will PCI Mandate the Use of Data Discovery Tools? standard

The PCI Europe Community meeting was set in the beautiful Marriott in Old Town Prague last week, and even though there were fewer attendees than the meeting in Vegas, there was no shortness of intensity and well researched questions. One individual asked about the use of Data Discovery tools as a mandate to assist in the scoping of PCI assessments.  Imagine as a QSA walking into a customer, running a tool, and knowing EXACTLY the scope of the PCI assessment you need to perform!  There would be little chance that you under- or over-scoped it, and all those little nooks and crannies that scare the bejeebus out of a QSA would be documented right there for review. If you are ...

Continue Reading

Splain it, Brando!, and Finding your Data standard

On Thursday, I threw out a blog post which I hope to be the start of a series playing on Dave Ramsey’s style for financial peace, and realized I played the role of a consultant PERFECTLY (just like Marshall Eriksen might LAWYER you). SK pointed that out for me when he asks me to elaborate. In a back to school fashion, imagine this conversation as played through your teenage daughter’s cell phone. “I was all, ‘Just find the data!’, and he was all, ‘Whatever.'” I am so in touch with today’s youth. SK brought up a good point.  Let’s say you are working with an enterprise that does not have any of the following: 1) a working DLP solution, 2) ...

Continue Reading

Dave Ramsey Applied to Security, Baby Step #1 standard

I’ve been on a Dave Ramsey kick lately.  I like his message and his concept of declaring war on debt.  One of his mantras can save people TONS of cash if they would just use basic things they learned in school. “Do the math!” Everyone out there has a brother-in-law, church buddy, or friend of a friend who is “a finance guy.”  We tend to listen to people we consider experts without questioning their motives, simply because we don’t believe we can comprehend the complexity of the question enough to figure the answer out ourselves. For example, several years ago I went to a car dealership to buy my wife a new car.  I had just recently graduated with my ...

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!