It's time to stop playing war games in the name of "security"

Really interesting article.

Military mindset no longer applicable in our line of work
https://searchsecurity.techtarget.com/columnItem/0,294698,sid14_gci1171862,00.html

My favorite bit: "Obviously, secrecy is important to business, as is the ability to trust messages to the military, but these two camps have opposite priorities. For example, if we had developed a business approach that ensured transactions were genuine instead of a military approach that protected the secrecy of credit card numbers, ID theft wouldn't be an issue today."

Comments

  • Anonymous
    January 01, 2003
    I have been working on hardening guidance for almost 10 years. The first few I worked on were essentially...
  • Anonymous
    March 14, 2006
    I don't think the business mind-set really always helps all that much, either, sadly.

    The most glaring examples are the "your data is now ours, and we can sell it to whomever" issues that have been plaguing various credit card processing companies for some time.
  • Anonymous
    March 15, 2006
    The comment has been removed
  • Anonymous
    March 16, 2006
    I thought I was going to come across as a frothing loon if I said that out loud - it's something I've been saying for quite some time, though.

    My data is my data, and I may allow you to borrow it so that you can do business on my behalf, but unless there's a legislatively mandated requirement that you have access to my data, I should be able to decide who gets to borrow it or not.

    If there is a mandated requirement for you to have my data, or I have allowed you access to it, there should be a process for me to inspect, and correct, any factual data you carry that describes me.

    European data protection laws have had this right from early days. In school, I went to a day of the committee readings of the Data Protection Act in the House of Commons, and thoroughly expected to be disgusted (as a know-it-all teenager); I came away impressed by the fact that our politicians seemed to understand the basics of what they were discussing.

    It's not without its faults, granted, but the rights ascribed to data subjects are unparalleled by anything here in the United States.