eWeek just posted my byline on How to Protect Data During Financial Mergers and Acquisitions.  Check it out.

BankInfoSecurity did a nice writeup on the Top 10 Security Breaches of 2008.  The lessons learned sections are of particular interest.  Numbers 2 and 4 are my favorites.

I recently had an interesting meeting with someone looking to implement DLP.  During our conversation the director of security began talking about tombstones and ransom notes.  I listened trying to figure out what the heck he was talking about… “Did I misunderstand him?  No.  There, he said it again.  He wants tombstones?  Ransom notes?”
I waited [...]

A few days ago I read a paper on DLP that caught my attention for the wrong reason.  The paper was by a reputable vendor.  It laid out a number of steps to secure confidential data, and generally speaking was “okay” as far as vendor papers go.
Note: I’m deliberately omitting the vendor’s name to avoid [...]

Many people ask whether data loss prevention is a lost cause because of its perceived complexity.  Just today I was speaking with a reporter about the technology and one of her first questions was, “how long does it take to get up and running.”  I get this question often and I always preface my response with, “well, [...]