Data Security

Input Validation and Data Dictionaries

Our internal discussion board brought up the topic of input validation last week. The discussion was around the regex for validating an email address. The message was that what seems like a very simple input validation can get complicated if the full standard is supported. As I read the discussion I started thinking about Data [...]

Is Digital Evidence the Forcing Function After Compliance?

My Saturday US Mail delivery (so sad if it goes the way of the dodo bird) arrived with several notifications of class action lawsuits for companies in which I’ve held equity positions. As I walked back from the mailbox, I had the thought: HIPAA and PCI protect the consumer, but who/what is protecting the business [...]

Please Don’t FUD the Animals

I absolutely enjoyed the insight shown by Thomas Wailgum in his recent article “How TJX Avoided Wall Street’s Wrath”, mostly because I have long been in complete agreement with the premise. With respect to security professionals, unfortunately, TJX now appears to be “the one that got away.” Let me explain, with tongue planted firmly in [...]

DRM as an Entree to Questions on Data Security

Sammy aimed two recent entries at those attempting to govern security and expenditure in an organization. I’m using his posts as license to wax more philosophically. Specifically, I’m going to use Digital Rights Management (DRM) as a lightning rod for conversation about protecting data end-to-end in one’s system (the topic of my next–far more focused–post). [...]

Unavoidable Inevitability

“We have long had death and taxes as the two standards of inevitability. But there are those who believe that death is the preferable of the two. ‘At least,’ as one man said, ‘there’s one advantage about death; it doesn’t get worse every time Congress meets.’” ~Erwin N. Griswold

Just look at them grow… they’re [...]