You can't secure what you don't acknowledge.SM

Thursday, December 3, 2009

Another file/folder security option

One of the biggest vulnerabilities I come across in my security assessments is sensitive information scattered about unprotected drives/shares. Solutions to this dilemma include locating/classifying different information types, locking down shares and file permissions, and encrypting information on mobile devices. If the latter option interests you there's a new company I stumbled across called New that sells very reasonably-priced software that can help. I haven't tried it out yet but it's worth a look-see.

Tuesday, December 1, 2009

Funny thing about notices of privacy practices

I just received a "notice of insurance information practices" from my health insurance provider that says something to the effect of:
"ALL INFORMATION CONFIDENTIAL. We're required by law to keep your information confidential. It will be seen only by our employees and authorized business associates."

Really? Pretty gutsy statement from any business but especially one who's already been listed on the Chronology of Data Breaches.