You can't secure what you don't acknowledge.SM

Thursday, April 14, 2016

Will the DBIR include Verizon's latest breach?

I'm a little late to pull the trigger on this but felt compelled to ask the question nonetheless:
Will Verizon include its recent breach in its (presumably) forthcoming Data Breach Investigations Report?

...It's related to this press release I received ~3 weeks ago:

Wednesday, April 13, 2016

Why data classification is a joke

I just saw this post on Slashdot about Obama saying that classified means whatever it needs to mean. It reminds me of how data classification is treated as an information risk management function in the enterprise: mostly non-existent:

Data classification programs that do exist are typically a joke whereby IT and security handle everything with no involvement from the business or legal, or legal handles everything with IT and security being out of the loop altogether. I wrote an article related to this for Ziff Davis a couple of years ago:
The funny thing about "confidential" information

...I'm not even sure why we bother going through the motions. It's like security policies that are not enforced - who are we kidding!?