Optimal Security : the Lumension Blog


Is FIPS 140-2 Fatally Flawed?

So, upon my return to the Valley of the Sun and after figuring out where our new offices (let alone the coffee machine and bathrooms) were (Lumension has moved, in case you’ve not heard – 3rd floor with a seriously sweet view), I settled down to see what happened over the holidays. First up – [...]

Who Owns Your Data in a Social World?

Over the past months it has been interesting to watch the furor over certain End-User License Agreements and the definition of data ownership.  Most draconian was the idea that once posted by a user, the data transferred ownership to the social networking site.  This of course has huge implications to an individual user, especially for [...]

“Micro-Botnet” – The Cybercriminal’s Choice for Enterprise Data Stealing?

Last winter and spring we all watched with interest the headlines heralding the spread of the Conficker botnet.  The under-reported part of the story was the fact that well-patched enterprise networks were largely unaffected by Conficker’s bloom.  In some circles, this seems to have led to a complacency or belief that botnet infections are not [...]

Federal Desktop Core Configuration Bodes Well for All

For the past two years, I have been closely watching the genesis and implementation of a very interesting program mandated by the Office of Management and Budget (OMB) of all U.S. government agencies called the Federal Desktop Core Configuration (FDCC). The idea behind FDCC was simple: through an OMB-developed standard configuration set-up, organizations can manage endpoints [...]

Is Intellectual Property Covered in Your Data Security Plan?

When we discuss the protection of data residing in the enterprise, there are some common data types that seem to always be the focus of the discussion: credit card data, patient data, customer lists, financial reports, etc.  One class of data that is not always part of the discussion but should be is intellectual property [...]

Chris’ Security Cache Contemplation

Miscellaneous interesting news / tidbits I’ve run across whilst trying to keep up with / clean out my RSS feed …
Targeted Attack. It was widely reported last week (see here and here and here) that a convicted Swedish hacker was charged with the 2004 attack on Cisco Systems (where he stole source code), NASA’s Ames [...]

Get Ready: New CA Data Breach Law Strengthens Privacy Protection

The California State Senate just passed Senate Bill (SB) 20 (warning: dense legalese), which augments the groundbreaking Data Breach law SB-1386. Sponsored by Sen. Joe Simitian (D-Palo Alto), who also sponsored SB-1386 in 2002, it aims to strengthen existing privacy protection laws for California consumers. It is now headed to the State Assembly for approval.
Currently, organizations [...]

Corporate Espionage

There’s no way this ends well.
The Wall Street Journal recently reported (sub. req’d) that Starwood Hotels filed suit against Hilton Hotels and two former employees, Ross Klein and Amar Lalvani, for corporate espionage, theft of trade secrets and unfair competition. Klein was the former President of Starwood Luxury Brands Group, and Lalvani was formerly Senior [...]

Old Skool Hax

The focus for those of us in the data leakage arena has generally been on the “big holes,” especially when it comes to the risk of insider theft… email, removable devices and drives (e.g., USB flash drives, external HDDs), removable media (e.g., CDs / DVDs). And for good reason. Why?  Well, first, as I’ve mentioned before, [...]

Delayed, Again: Massachusetts Data Security Regulation

Some time ago we wrote about the new Massachusetts Data Protection law, slated to come online in May this year (after being delayed from the start of 2009). As you may recall, this law  (201 CMR 17.00) is stricter than past laws, more specific than any state’s data security regulations to date, and more expensive [...]




