Tales from the Technoverse

Commentary on social networking, technology, movies, society, and random musings

Tales from the Technoverse header image 2


December 29th, 2010 · No Comments · cyber-security

Since the latest set of releases associated with US diplomacy through WikiLeaks there has been endless commentary on all aspects of the leaks. I have read through many of the comments and columns and been thinking about whether I had any particularly new insights to offer.

My conclusion is that I do not and therefore wanted to reuse a few old ones.

While there will be a lot of closing the barn door after this particular horse has left action steps, in my opinion the bigger message is to reinforce the premise that the battle between information protection and information sharing is over and done with. Information protection has lost. I remain convinced that security planning focused purely on protection, in particular focusing on periphery protection, is a waste of time and money.

The underlying reason remains that the value of sharing information, or conversely the penalty of not sharing information, is so great for any organization of any type today that this need will drive decision making. Unless an organization is prepared to make the kind of investments that the Government does in setting up a structured set of security levels, e.g. confidential, secret, top secret, and so on, then it not possible to cause corporate culture to both share and protect very well at the same time. And even the Government security apparatus with its enormous associated investments leaks information, WikiLeaks being only the most recent example.

If I ran the security world I would focus on the following:

  • Security hygiene
    • Achieving situational awareness
    • Implementing security policies associated with situational awareness, see my post http://www.ourownlittlecorner.com/2010/12/18/brief-thoughts-on-security-and-other-it-policies/
    • Identify the data I really want to protect and focus only on that limited data, if more than ‘limited’ rethink what you want to protect
    • Create a strategy that takes into account that no individual component of your system is impenetrable
      • If concerned about availability – consider a biological construct with multiple copies of your applications and data available; e.g. the human body works fine, mostly, even with viruses all over the place
      • If concerned about penetration – consider increasing your OODA loop speed, observe-orient-decide-act, http://en.wikipedia.org/wiki/OODA_loop
READ  Final Version of SCADA Presentation
Be Sociable, Share!

Tags: ··

No Comments so far ↓

There are no comments yet...Kick things off by filling out the form below.

Leave a Comment

This blog is kept spam free by WP-SpamFree.

Time limit is exhausted. Please reload CAPTCHA.