I find it a little misleading to use ChoicePoint as the basis for computer-access related data loss issues. ChoicePoint had nothing to do with unlawful access to digitized data and everything to do with lack of proper administrative controls in non-digital business processes.
The criminals in the ChoicePoint matter represented themselves as legitimate businesses looking for marketing leads, and received the leads through normal business processes. In that case, it was a matter of poor offline authentication of identity and access rights, not digital security.
There was no systems intrusion by the perpetrator, so it seems like the argument of this article would be stronger if the argument were: After ChoicePoint, companies still have lax administrative processes that are leading to data loss.
As privacy and security professionals, we cannot pretend that every solution is a technical one. The most recent research shows that most data breaches - upwards of 60% - are due to human factors. I know many of us depend on selling and building technical solutions, but our solutions cannot solve for those factors.
To the point about the level of due care being exercised in securing data, it’s worth noting that enterprises have two big networks they must protect - data and phone - which are increasingly interconnected.
It has been long accepted that every Internet connection should be protected with, at least, a firewall, and preferably with network IDS, IPS, DLP, etc. However, most enterprises still leave connections to the public phone network unsecured. Leading commercial and government enterprises are now exercising a higher level of due care by deploying VOICE firewalls on every connection to the public telephone network to PREVENT two categories of attacks:
(1) Access into the data network via voice devices such as modems, and
(2) Abuse of the voice network via costly toll fraud, threatening calls, fax spam, voice mail access, Denial of Service, etc.
Beyond the large security benefits, voice firewalls enable substantial savings in telephone services and operating costs, afforded by the granular visibility and control they enable.
-- Rick Jordan, SecureLogix Corporation
Lessons of ChoicePoint, 4 Years Later
Four years after the ChoicePoint fiasco brought data insecurity to the forefront, we still have much to learn.