Friday, February 26, 2010

Spycamgate followup

I’ve written previously about “Spycamgate,” wherein a school administrator tried to hold a student accountable for perceived behavior at home based on images taken from a camera on the student’s school-issued laptop. The school’s defense is that the webcams are a security feature to track down lost or stolen machines. If so, the school is illustrating how not to do security. In this instance, doing security wrong consists of doing security in a way that is disrespectful of other people’s security. The case for the importance of meticulously respecting other people’s security is simple to make: there are civil and criminal laws against disrespecting other people’s security:

Wednesday, February 24, 2010

Security Without Tears or Apology

In plugging this blog, for which I’m grateful, Avedon Carol mentioned that my subtitle “Security without apology or tears” doesn’t necessarily make immediate sense. I thought I’d spend some time talking about that.

Every time I tell someone I do information security for a living,

Friday, February 19, 2010

School Principal Spies on Children at Home via Laptop Camera

Whichever side of the infosec coin one is on, a jargon we use to refer to the control of a system is ownership. We refer to a system as “compromised” or “owned” or “pwned” if the person who owns it isn’t also the person who owns it in the legal sense of the term. Most information security practice is concerned with preventing and detecting inappropriate changes in ownership-with-a-p.

Wednesday, February 17, 2010

Governance Part 2: Charters, Visions, and Missions

In my Introduction I listed charters, visions, and missions as the documents that state what you’re trying to accomplish when you set out to do security. I’m going to expand on that here.

Monday, February 15, 2010

Introduction to Governance, First of a Series

Governance is the foundation that effective security is built on. It’s a big word for a common-sense idea: things work better if you know what you’re trying to do and how you’re willing to do it than if life is an endless flailing reaction to whatever the latest situation drops in your lap. Boy Scouts have been telling people to “be prepared” for a long time.

If it’s such an easy idea, why do so many people get it wrong, in their personal lives and in business?

The lights come on, the set is down, the curtains float away...

People already blog about information security – just look at my short but growing blog roll. Does the world really need one more? I think so, and my inaugural post is to make the case for it.

Information Security is big business. The U.S. federal government alone spent 7.1 billion dollars on it in 2009, and private industry dropped a pretty penny on it as well. The headlines regularly show the cost of not getting it right, literally and figuratively. Companies appoint executives, staff departments, allocate budgets, and do all the other things that businesses do in order to secure their computing. I should know – it’s kept me employed full time for most of my adult life.

And yet, the headlines keep coming.