Knight and Day for SEC Response

A fantastic OpEd piece in the New York times by a former IT staffer discusses why the SEC’s initial thinking that testing all code, is not feasible. I was involved in one of these debacles before. An online banking system was updated resulting in customer viewing the last page viewed by the last customer who…

Wouldn’t You Like to be the Reuters Reporter for this Story???

Reuters hacked. Hey, guess what- you can outsource services, but not responsibility!

WSJ Profile of LulzSec

Interesting. My favorite is that the reporter calls them the “B+” team. I hope the reporter read my blog post about taking extra precautions before raising your public profile.

Lessons from WikiLeaks

As the author of this post points out, there has been a number of articles on WikiLeaks, but one point raised in the posting that I would like to focus on is how focusing on process as the sole means of compliance is usually not enough. To add insult to injury, State Department personnel admitted…

Consolidation of data

I’ve been reading research papers recently (I must be in a “deep thoughts” kinda mood) and one from IDC floated across my screen. It discussed the consolidation of data as a by-product of organizations looking for more accurate and more timely analysis. As an example, the nation’s health data is spread out over five large databases.…

Credit Suisse Report on IT

Credit Suisse has released a report on the current and future status of IT. (Click here to access the report: CS IT Hardware). It’s a bit long, but worth a skim for sure. I think there is some interesting insights (one glaring flaw is the failure to mention information governance- I guess we all can’t be perfect).…

Really? Really? Still not encrypting data on portable storage devices? Really? Really?

C’mon. How many headlines do you have to ready before you figure out you should encrypt data on portable storage devices? Portable devices are lost, stolen and copied. Encrypt them! Oh, and if you’re going to provide notice to your customers of the breach, do it within a month.

Resolution on Privacy by Design

I was going through some old emails and reread the EU Data Protection Commissioners’ Privacy by Design resolution from the October Jerusalem conference. The principles are: Proactive not Reactive; Preventative not Remedial Privacy as the Default Privacy Embedded into Design Full Functionality: Positive-Sum, not Zero-Sum End-to-End Lifecycle Protection Respect for User Privacy The above makes good…

Next Practices

Solutions today for tomorrow's information problems

IT