(by Todd Feinman, Spirion Co-Founder and Chief Strategy Officer) The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December. Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora. Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting…
One way to try and determine how sensitive certain data is, and therefore how it should be classified, is to think about how the loss of the confidentiality, integrity, or availability of that information would impact your organization. The following table is taken from Federal Information Processing Standards (FIPS) publication 199 published by the National Institute of Standards and Technology (NIST). It provides a framework for determining the impact that can be…
Locating and Managing EU Personal Data for GDPR Compliance Spirion recently hosted a live webcast discussion on the topic of “Locating and Managing EU Personal Data for GDPR,” featuring a panel of security experts, comprised of: Colin Anderson, global CISO of Levi Strauss & Co.; Todd Feinman, founder and CEO of Spirion; Scott Giordano, privacy attorney and director at Robert Half Legal; and, Justin Suissa, principal at infoedge. In this…
(by Todd Feinman, CEO and Founder of Spirion) My team thought others would be interested in a memo that I sent to some friends and colleagues. The memo follows: I have received an overwhelming number of requests for information about what to do since the Equifax leak of 143 million SSNs was disclosed. I’ve tried to summarize those questions to help you protect yourself, your family, and your business. If…
(by Todd Feinman, CEO and Founder Spirion) Equifax allowed 143 million Social Security Numbers (SSN), Names, Date of Birth (DOB), and other personally identifiable information (PII) to be stolen. This affects most of us personally because we all have financial accounts (e.g., credit card, bank account, mortgage, car lease) and it’s highly likely Equifax was the recipient of your SSN from a bank who ran a credit report on you…
(by Cory Retherford, Spirion user) Greetings! I am a Solution Engineer for Spirion, LLC. My adventure using the data security software began in 2007 as the Indiana University Technology Services Manager for Student Enrollment Services. We had an organizational mission to provide a solution that would allow a better understanding of our data footprint and the types of data existing on our workstations, servers, and websites. As it happens, fate guided me to the…
Data classification is a core component of defining and understanding data that security and risk professionals must protect, as well as identifying the way employees should handle it and the types of security controls that are necessary. Data classification tools, which include manual (user-driven) and automated classification, help organizations apply metadata tags to sensitive data. In the last year, more than half of global security decision makers have implemented data…
Over the next 2 months, we’ll be posting a series of blogs that will share information and best practices garnered from over a decade of experience implementing data discovery and more recent data classification solutions. In this blog series you will learn how to identify data as sensitive, how to define a classification schema and separate your data, the risks of not classifying data balanced with the benefits of a…
Following Spirion’s presentation at RSA 2017, “The Impact of Data Discovery and Data Classification in Information Security” Dr. Larry Ponemon of the Ponemon Institute discusses some of the key findings from “The Importance of DLP in Cybersecurity Defense” Ponemon report. The report, which was published in February of 2017, found significant differences between responses of those that are using a manual approach to mitigate or curtail the leakage of sensitive…
At the 2016 RSA Conference in San Francisco, CA, Todd Feinman, CEO and Gabriel Gumbs, VP of Product Strategy presented on Sensitive Data Management Maturity – The DLP Missing Link. As a company and with the help of industry professionals, we created a Sensitive Data Maturity Model to help organizations identify where their data is, who owns it, what should be done with it, and how much of it exists….