Security Discussion
Prepared by Russell Mickler, CISSP
Technology Consultant
© 2014. Mickler & Associates, Inc. Some Rights Reserved.
Creative Commons Non-Commercial Copyright License
What Is Security?
Security has nothing to do with�scale or solutions.
Symantec, the OEM of Norton Anti-Virus and other enterprise products, admits that anti-virus solutions are only effective 40-percent of the time and are effectively dead as a product.1
Target, a huge company with a massive IT presence, running a $1.6m enterprise solution called FireEye, lost 40 million credit cards and 70 million instances of PPI.2
JP Morgan Chase announced PPI breaches on 76 million households and 7 million businesses; it spends $250m on IT security and employs 1,000 people.3
What Is Security?
Security has everything to do�with feelings.
There’s no magic pill. No one single product. No beginning or ending point. No right way or wrong way. No single setting, configuration, or precaution. Security isn’t a function of money, or size, or a choice between software products.
Security is simply the feeling of confidence that we have in our safeguards.
It is a feeling.
Quote
“You have to be paranoid now. You can’t slack off. There’s no such thing as data confidentiality anymore. Everything is out there.”
-Avivah Litan, Gartner VP and Security Analyst
Who’s the Enemy?
Who is the enemy?
Russians. Kids. Ukrainians. Adults. Employees. Chinese. Unemployed Tech Workers. South Africans. Israelis. Anonymous. The NSA. Family Members. Botmasters. North Koreans. Gamers. Mossad. The Iranian State. Brittish. ISIS. High School Dropouts. Pakistanis. Sociopaths. Terrorists. Syrian Electronic Army. Bosses. Automatons. Reporters. MI6. Government Workers. Germans. Americans. French. Edward Snowden. Children.
So many enemies. And yes. The Children.
BEHOLD THE ENEMY!
(Arrgh It’s Terrible! Just Look at Them - Learning and Curious!)
What are the Enemies of Security?
Are they?
Well, what really creates insecurity?
Complacency. Human Habit. Convenience. Assumption. Laziness. Ignorance. Negligence. Incompetence. Over-confidence, fear, and arrogance. Authority. Not Learning. Coloring Within the Lines. Doing the Same Damn Thing.
These things conflict with our safeguards.
What are the Enemies of Security?
We are.
We are our own worst enemy. We are human. We err and make mistakes.
We willingly ignore our safeguards. We don’t know everything. We think we know everything. We don’t even try. We assume nothing will happen to us.
But what matters the most is the question that might come next.
Awareness
What are our options?
What businesses and individuals can do to make a difference.
We can’t resolve all threats at all times; we can’t secure ourselves from all threat agents; we can’t ever possibly know all potential threats and vulnerabilities in an infinite universe of possibility …
Rather, we must compromise. We must balance our feelings (paranoia?) with rational, reasonable, cost effective precautions. And we must constantly�question ourselves.
Thank you for your time.
Russell Mickler is a technology consultant who serves small to mid-range businesses in Vancouver, Washington. Mickler's experience features seventeen years of senior and mid-level IT department management. An Authorized Google Apps Reseller, Mickler earned his Masters of Science in Applied Information Management from the University of Oregon in 2000. A technical author, Mickler is a Certified Information Systems Security Professional (CISSP) and a Microsoft Certified Systems Engineer (MCSE). Mickler teaches for numerous colleges and universities, both online and onground.
About.me | Facebook | Twitter | Google+ | Linked-In | TekTalk Events
Learn how we can help your company.
About the Author
Copyright Notice
Attribution. You must attribute the work in the manner specified by the author or licensor.
Noncommercial. You may not use this work for commercial purposes.
No Derivative Works. You may not alter, transform, or build upon this work.
Attribution-NonCommercial-NoDerivs 2.5
You are free:
Under the following conditions:
For any reuse or distribution, you must make clear to others the license terms of this work. ��Any of these conditions can be waived if you get permission from the copyright holder.
Your fair use and other rights are in no way affected by the above.�
This is a human-readable summary of the Legal Code (the full license) Disclaimer