Dan Blum, Senior Vice President and Principal Analyst for the Burton Group follows on a previous interview with security vibes to discuss how to prevent data breaches. For Dan’s First Security Vibes Interview on Data Breaches www.youtube.com For Part 2 of this interview use the link below. tinyurl.com Dan offers three recommendations. Maintain baseline security User awareness, endpoint protection, network protection, laptop encryption – baseline is essentially tactical and you have to do them. Create an architecture to give a better long term posture against data breaches such as using terminal services. Examine some of your internal business practices that can make you more vulnerable. For example, when deploying strong authentication what do you use to verify the user should they lost the logon device. Most companies switch back to known personal data such as national insurance or social security number to verify the user. Much of this information is freely available in government databases. Instead you could use claims that separate identity attributes and authorisation to reduce dependency on the big secrets. Now if for example a database containing personal id information is breached, it is not such a big threat to identity theft as the information in these databases are not used to confirm a user’s identity. We hope you find the contents of this videocast helpful. Please do leave comments or ratings to let us know if you would like more of the same. warmest wishes Ben Chai Chief Editor www.securityvibes.com