Stories by Bill Brenner

Solving the data loss prevention puzzle

A company can buy every top-of-the-line security product known to man, but it won't make a difference for data loss prevention (DLP) unless end users are educated on their own role. Technology is indeed critical to DLP, but security experts say user awareness is key to keeping sensitive data safe from online predators.
"DLP is a process first. The technology is simply an enabler for the automation of the process," said Rick Lawhorn, a Richmond, Virginia-based chief security officer. "The process needs to include education and awareness training and cover human resources, records management and compliance. The objective is to continuously train data owners and data custodians (the employees) on the company policies to reduce instances of non-compliance."

Written by Bill Brenner 15 July 09 22:00

Swine Flu: Now That the Hype Is Over, Keep Planning

It's always hard telling people they shouldn't panic while also telling them they need to take their disaster preparedness more seriously. It's far too easy to come across as a waffler. Yet here I am, about to suggest something that might appear to contradict what I opined about last week -- see: Swine Flu: To Fear is to Fail.

Written by Bill Brenner 08 May 09 00:43

Swine Flu: To Fear is to Fail

Whenever a crisis unfolds -- and we've seen many in recent years -- the famous line FDR delivered in his 1933 inaugural address comes to mind: "The only thing we have to fear is, fear itself."

Written by Bill Brenner 30 April 09 04:28

Five Ways To Survive a Data Breach Investigation

Security experts say it all the time: If a company thinks it has suffered a data security breach, the key to getting at the truth unscathed is to have a response plan in place for what needs to be done and who needs to be in charge of certain tasks. And, as SANS Institute instructor Lenny Zeltser advised in CSOonline's recent "How to Respond to an Unexpected IT Security Incident" article, "ask lots and lots of questions" before making rash decisions.

Written by Bill Brenner 16 April 09 09:11

A New Hope for Software Security?

Certain scenes from Star Wars come to mind when pondering the long, bitter struggle for software security.

Written by Bill Brenner 11 March 09 04:45

From isolation to rock stars

Security practitioners used to be seen as propeller-hat wearing introverts hunched over computers in dark, cold basements for weeks on end, shunning daylight and anyone who tried to start a conversation with them. But times have changed.

Written by Bill Brenner 10 Feb. 09 22:00

Slapped in the Facebook

For many people, social networking has become as much of a daily routine as brewing coffee and brushing teeth. IT administrators dislike it and cyber crooks depend on it.

Written by Bill Brenner 09 Feb. 09 22:00

The seven deadly sins of network security

Anyone worth their salt in information security will tell you a solid defence is built upon multiple layers of technology, policy and practice. That's defence in depth.
The technology layers are a critical piece of that puzzle -- of course. But companies that suffer a major network breach have frequently failed on a more fundamental level. Here are the deadly network security sins experts say are rampant in the corporate world. Avoid these sins and you will have taken a critical step toward a secure network.

Written by Bill Brenner 10 Dec. 08 22:00

The Myth of Cloud Computing

Why the rapid spread of virtual technology is becoming a security risk.

Written by Bill Brenner 04 Dec. 08 08:25

Unisys' Chris Hoff on virtualisation and cloud computing

Chris Hoff, chief security architect for the systems and technology division at Unisys and an advisor on the Skybox Security customer advisory board, is one of the biggest critics of virtualisation security out there. Not because it isn't important - but rather because it is vital and needs to mature rapidly.
Here, Hoff explains how a lack of real understanding of virtualisation makes it very difficult to secure the technology.

Written by Bill Brenner 11 Nov. 08 22:00

Ouch! Security pros' worst mistakes

It was a mistake so bad the person who made it asked that his name and company not be mentioned here. Let's call him Frank.

Written by Bill Brenner 04 Sept. 08 08:05

Data breach fallout and the chief security officer's dilemma

In the wake of a data breach, the company's top brass may go looking for someone to blame. If you are the security chief, chances are it's going to be you.
It doesn't matter that you warned executives repeatedly that certain technological or cultural flaws were putting the company at risk, or that you had to maintain security with a shoestring budget and little or no staff. Chances are you'll take the fall whether you deserve it or not, says George Moraetes, a Chicago-based security contractor and executive board advisor for security event management firm IdentityLogix.

Written by Bill Brenner 05 Aug. 08 22:00

FUD Watch: Vista less secure than Windows 2000?

About FUD Watch: Senior Editor Bill Brenner scours the Internet in search of FUD - overhyped security threats that ultimately have little impact on a CSO's daily routine. The goal: help security decision makers separate the hot air from genuine action items. Those who wish to share their own examples of FUD can send them to

Written by Bill Brenner 29 May 08 19:48