Entries by Jonathan Gossels

How Do I Secure Sensitive Data?

How do I secure sensitive data?  The first step is knowing where your sensitive data resides. Second is having set policies to systematically and consistently categorize the data and having controls in place to ensure that all categories of data are handled appropriately. For example, if a company had a policy that said that any […]

The Importance of Frameworks

The world of IT security and compliance is simply too big and too complex to keep all the requirements straight in your head.  It is too easy to overlook something important.  That’s where frameworks come in (note: I’m purposely conflating the terms framework and standards here).  Frameworks help you ensure that you have covered all […]

The Power of Integration

In August, I gave two talks to two very different groups (the Association of Contingency Planners – Liberty Valley Chapter hosted by The Vanguard Group and the closing keynote to the IT bank examiners from all of the Federal Financial Institutions Examination Council – FFIEC agencies [Federal Reserve, FDIC, Office of the Comptroller of the […]

You Just Never Know

In business school, Professor Eric Von Hippel taught us to look to high need and lead users as a source of innovation. Reflecting back on the services that SystemExperts offers, he was exactly right. Our Security Blanket service was born out of the need of a major financial institution to make sure that the web […]

Data Anonymization for a Multinational Bank

We just finished an intensive multi-month effort helping a premier multinational bank figure out how to eliminate production data from its development, test, and QA environments. One of the dirty secrets in our industry is that all too often real data is used in these environments without any of the controls normally associated with protecting […]

The President’s Cyber Security Action Plan

Wow! President Obama and his team of cyber security policy advisors really get it. When I read the President’s remarks and the background report from which these recommendations were drawn (http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf), as a security professional, I can only stand up and applaud. “This new approach starts at the top, with this commitment from me: From […]

2007 in Review

Every year at this time we share with clients and selected industry leaders the key trends we’ve been seeing over the course of the year. Our conclusions are distilled from a combination of the types of projects we’ve completed and a reflection on the discussions we’ve had with clients and prospective clients about their security […]