“Enterprise Security is Appalling”

Posted: October 3, 2013 by chad98036 in Uncategorized

My first thought was, “Of course it is, Kirk keeps beaming all the competent ones down on landing parties where they are promptly killed”. Then I realized that the article is talking about IT Enterprise Security and my first thought was “duh”: if it was good, everyone from “those who wish to remain unnamed” to the NSA wouldn’t be running through everyone’s data like it was a summer romp at the beach.

Highlight from the article –

The most effective approach is to match IT security to a company’s lines of business and most valuable assets, not simply reinforce security built to match a network or system topology. Making good rules for security isn’t enough, either: They have to be enforced. “You’ve got to audit and make sure that people are following the rules. Minor mistakes lead to vulnerabilities,” he said.

Even figuring out what to protect requires the same kind of big-data analysis many companies use to identify new markets or develop new products, but that few actually employ to identify their own most valuable assets – both physical and intellectual property – and define how those assets contribute to key strategic business goals, Winter said.

Effective security is not limited to building a series of firewalls and data-protection policies. Good security is a process that requires the constant collection and analysis of data on the business and its competitive environment in order to be ready to counter threats before they become attacks, let alone breaches.

The way I read that is you actually have to provide some thought about what you are trying to protect.  Just going down a checklist and ticking off the boxes isn’t going to cut it.  The Snowden case would appear to be a perfect example.  The way it looks to me is that the NSA spent a lot of time protecting against outside threats but very little considering who could actually access and compromise their data and they got burned.  The speaker the article references is making the point that that kind of thinking is a systemic problem.

Other exciting tech news

Silk Road, the online drug bazaar, was shut down by the Feds. Among the revelations: the admin apparently solicited a couple of murders. One for $80,000 against an employee who stole some bitcoins (about $500,000 worth) and another for $150,000 because a user was threatening to violate the anonymity of site users. The admin apparently mused, while contracting the hit, that he wished more people had integrity. This immediately reminded me of the “A girl’s got to have her standards” line from Real Genius.

Related – and thrown in to keep the conspiracy buffs happy.  Tracking the Dread Pirate Roberts:

If altoid’s solicitation for a Bitcoin-conversant IT Pro wasn’t enough to make Ulbricht a person of interest in the FBI’s ongoing probe, other digital bread crumbs were sure to arouse agents’ suspicions. The Google+ profile tied to therossulbricht@gmail.com address included a list of favorite videos originating from mises.org, a website of the "Mises Institute." The site billed itself as the "world center of the Austrian School of economics" and contained a user profile for one Ross Ulbricht. Several Dread Pirate Roberts postings on Silk Road cited the "Austrian Economic theory" and the works of Mises Institute economists Ludwig von Mises and Murray Rothbard in providing the guiding principles for the illicit drug market.

Unrelated – France approves Anti-Amazon Bill. Oh no, if you’ve lost France, well, who really cares?
