OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] (semi-OT) The struggle to protect enterprise data

From: lyger (lygerattrition.org)
Date: Tue Jun 26 2007 - 17:34:21 CDT


>From security curmudgeon (jericho_at_attrition.org)

From: InfoSec News <alertsinfosecnews.org>

http://www.infoworld.com/article/07/06/25/26FEdataprotection_1.html

By Matt Hines
June 25, 2007

Long ago, when businesses kept sensitive information locked away in file
cabinets and safes, it was relatively cheap and
easy to store valuable data and control who had access to it. Today,
enterprises invest millions in security, storage,
and compliance technologies -- all in the name of increasing visibility
into where vital electronic information lives and
how it is being defended.

Despite those efforts, most experts and customers admit that in most
companies the process of tracking down every piece
of valuable company data -- and applying the appropriate tools to shield
information from unwanted access or misuse --
remains in its beginning stages.

The heart of the matter is visibility. Enterprises feel uncertain whether
todays technologies are providing an accurate
sense of where things stand or are merely creating a false sense of
security.

Seeing blind spots

When forensic experts called in by businesses to investigate external data
breaches and insider threats tell their
stories, the traumatic events that lead to brand-trashing headlines and
regulatory punishment are most often based in the
business lack of knowledge of where its sensitive data is.

Enterprises are improving their ability to safeguard the stockpiles of
sensitive information they know about, admit
investigators, but many remain blind to additional stores of important
data or the flawed processes they use to transmit
information electronically. Both problems leave them vulnerable to leaks
and attacks.

"In almost every case we've investigated where companies have experienced
a serious data breach, the reality is that the
companies didn't know they had the information where it was stolen from
until it's too late and the data has been taken,"
says Bryan Sartin, vice president of investigative response at Cybertrust,
a provider of managed security services that
lists risk assessment among its specialties.

[..]

_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tracking more than 209 million compromised records in 706 incidents over 7 years.