Archives For Risk Assessment

Ignore the first 8 seconds of this video (advertisements), then take notes. Every one of your clients has one – a copy machine. This video explains where the risk is and how to demonstrate it. If this doesn’t wake them up, nothing will. But make it part of your risk assessment so that you can actually show the client copies of every document they’ve ever copied. If they are leasing the machine, it may be another company’s documents. In this video you’ll see documents downloaded from a used copy machine in a warehouse. One system contains sex crime unit pages, another pages from a police department, and a third pages from a health care organization. The key to closing business is in finding something urgent – security issues always top the list, but they must be demonstrated. Here it is – 100% likelihood (originally reported on in April, but worth taking a look at right now… Thanks to Matt for passing this on).

© David Stelzl, 2010



Notes, comments, and reminders from our partner security workshop in New York City…keep these things in mind.

  • Most deals are lost when you fail to communicate value before providing price
  • Budgets are lost part way through the deal when the focus is on product, or even data value.  There must be a measurement of likelihood, applied to high-value data, in order to justify a security sale.
  • Managed services deals dry up or get unseated when the deal is not based on maintaining an acceptable level of risk.  ROI may work short term, but will be replaced at some point by a cheaper alternative.  After all, if there is no perceived risk, the client can choose a cheaper solution and get the same perceived value.  Perception is reality.
  • Waiting on security disasters is a risky way to make quota.
  • Use assessments to drive sales – download my “Creating Sales” booklet, now available on my LinkedIn Profile. If you are not linked to me – please do…
  • Use sound bites to sell – I will be sending out more sound bites through Twitter, so make sure you subscribe to dstelzl… these should come from sources such as the Wall Street Journal. This strategy works. IT will not be able to challenge you.
  • Refuse to propose to influencers.  Instead, connect them with your technical people, provide them with the things they really need to be successful (technical wisdom and direction), and make your move to the asset owners.



Well, after numerous attempts to get my traveling computer back in service, I finally gave in and reloaded the entire system last night (note recent posts on my Dell support experience). So I’m back in business in the electronic age. Now on to more important things…

This week’s marketing events proved again that education, at the business leader level (when done properly), will convert an entire group of people with no apparent need into educated consumers. The results are clear:

– 31 attendees

– 20 companies represented

– 15 companies committed to move forward

– and best of all, we landed 35 additional meetings with people who wanted to attend, but were not able to make the date!

So with a strong focus, compelling message, and a mediocre list to work from, my client now has 50 appointments, and a strong follow up plan that will lead to some type of sale in nearly every case (based on previous events).

Stay tuned – I’m headed to New Zealand this afternoon with a full schedule in Auckland, Sydney, Canberra, and Melbourne over the next two weeks. I hope to post some pictures along the way as well as update you on how the security message is playing out on the other side of the world.

Possibly a new record… “Heartland Payment Systems (HPY) on Tuesday disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants.” – this is a quote out of today’s USA Today article disclosing what may be the largest recorded breach to date… beating the TJX breach, which they cite at 94 million records (note my previous reports that cite numbers anywhere from 50 to 150 million records). This is apparently the work of organized crime; a group the article says may be responsible for other attacks under investigation. An actual record count was not provided – stay tuned for updates on this.

Also important in this report is a look at some of the investigation tactics. A security firm called CardCops stakes out chat rooms where hackers spend time reviewing schemes, testing card numbers, and as we’ve seen in the past, boasting of recent successes. Recent reports show “a 20% year-over-year increase in Internet chat room activity where hackers test batches of payment card numbers to make sure that they’re active.”

Sales Note:  Many mid-market companies are using third parties to process credit card transactions.  Breaches, while not the fault of the mid-market company, still affect that company’s reputation.  When conducting risk assessments or even discussing security, leverage these sound bites to create opportunity.  This may justify a look at the processing center on behalf of the organization you are working with.

Every once in a while a great article comes out on why companies are losing their data, despite the investments they’ve made in security.  This article was published earlier in the year, and I’ve referenced it in many of my classes and executive luncheons…it’s absolutely worth reading!  I have included two links; the first is the original article, the second drills down to review the kind of data Avi Baumstein found after building his own P2P search engine.  Make sure you look at the second link – it’s not a technical article, but it contains the sound bites you need for your next security discussion!

The bottom line of both links is this: companies that allow their data to be used on home systems, or allow family users to access the Internet through a work system, are in big trouble. You can’t read this and walk away feeling like “you’ve got it covered!” Great information for those selling Data Leakage Prevention Solutions. Also great insights for assessment initiatives. (updated link on April 10, 2012)