Some perspectives from the deck of the infosec Titanic


Upload: richard-power

Post on 19-Sep-2016


Computer Fraud & Security, March 2007

NEWS

Some perspectives from the deck of the infosec Titanic

Richard Power at RSA

Your intrepid reporter attended the 2007 RSA Conference held recently in San Francisco. The RSA Conference has become the premier event in the marketplace, and no doubt there are numerous story-lines to follow, but your correspondent could not get beyond two remarks offered by industry executives participating in a session in the Business Trends and Impact track, entitled CEO Panel: View from the Top.

The first comment: “Security is increasingly more of an adjective than a noun, i.e. secure telecommunications, secure networking, etc.”

The second comment, uttered a few moments later while your correspondent was still grappling with the implications of the first one: “In two or three years, there won’t be any stand-alone security industry.”

Now, do not misunderstand us: it is not as if we do not see the trends, it is not as if we think these prognostications are wrong, it is simply that we feel their implications should be deeply disturbing, and that they should sound an alarm for CEOs and security professionals alike.

But, incredibly, these prognostications were both articulated by the CEO panel participants and greeted by the standing-room-only audience (your correspondent was the only one heading for the door) as an inevitable and most welcome evolution in our circumstances.

Why is this sorry state of affairs so disturbing?

Security is not just a technological component or an aspect of system design, security is not just a feature or an adjective, security is not just one of many issues on a long list of IT concerns. Security is a culture, and a world view. It must be cultivated, it must be ingrained, it must be staffed and funded, and it must be grounded in reality, and wired into the boardroom. Security must have eyes in the back of its head and its ear to the underground; it must be empowered and enabled.

The ship of fools is heading into deep, dark and troubled waters, and this failure to understand the full scope of the cyber security mandate is not the only iceberg that awaits us.

Richard Power

Gates wraps up with an ‘imperfect’ Vista at RSA

In his last keynote address to the RSA conference, Microsoft chairman Bill Gates announced the operating system Vista as the culmination of the Trustworthy Computing campaign announced by the software maker five years ago.

Co-presenter Craig Mundie, who heads up research at the software giant, said that although Vista has been through the mill of Trustworthy Computing, it hasn’t emerged “perfect.” He blames humans for the imperfection of Microsoft’s new operating system.

“To some extent the challenge that we face in building our products and the challenge everybody faces in administering them and using them is that humans are human, and they make mistakes,” he said.

Mundie, who is taking over the reins of security at the company according to Gates, said Vista and Office 2007 are the first two products that have been “through this entire security design lifecycle process.” He said Trustworthy Computing was a “big task” that brought about “cultural as well as engineering process changes…”

Meanwhile Symantec CEO John Thompson criticised Microsoft’s impingement on the security marketplace, saying it was a “conflict of interest for a company to sell an operating system and also secure it.” Those who “keep the books should not also audit them,” he said.

Schneier: cybercrime lurks in developing countries

BT makes inroads to Asia

Bruce Schneier appeared at RSA among his new colleagues at BT, which recently bought his home-grown firm Counterpane. The cryptographer announced that cybercrime was rampant in developing countries due to the lack of law enforcement to tackle the issue.

“Cybercriminals are using countries with poor law enforcement to commit their crimes, and therefore identity theft and other similar crimes are on the rise. This is how they make their money,” he said.

BT and Counterpane are expanding into Asia, where some countries, like Cambodia, have had little armoury to defend against cybercrime. Ray Stanton, who heads up business continuity at BT, said the telecoms giant has landed a big deal in Asia thanks to the acquisition of Counterpane.

“Security is key and fundamental to what we do, that’s why we bought in Counterpane,” he said. “It’s a great fit and shortly after the union with Counterpane, a $30 million deal was signed in Asia – without the new partnership that would not have happened. They are a complementary service,” he said.