IS IT SAFE?

On Neil Fisher's Security Blog

“Is it safe?” Sir Laurence Olivier’s line from Marathon Man came back to haunt me this week as I attended a whole series of cyber security conferences, seminars and a Standards launch, culminating yesterday with a speech by the senior editor of The Economist on Snowden and the damage he has done to Western Intelligence. I’m “conferenced-out” and need to recover in time for “The Big One” - UK Government’s own cyber security annual conference (actually GCHQ’s) - IA14 in London on 16 and 17 Jun 14.

Monday was the Security Company’s very popular special interest group meeting on security awareness - SASIG. These meetings have gone from strength to strength - well done Martin Smith - and the theme was the Insider Threat and how business life has changed to a much more wartime-like state of internal vigilance. It’s not so much “Trust No-One” in the office environment, more “Who Are All These People?”. Standards of HR scrutiny need improving, access management deserves greater recognition as an in-depth framework of protection, and management needs to sit up and take notice of today’s main security vulnerabilities: the lack of timely and dynamic GRC; of holistic, comprehensive and in-depth access control (combined physical and cyber); and of intelligent, innovative and cost-effective recovery and resilience plans when using Cloud services, especially Infrastructure as a Service and Desktops/Workplace as a Service.

Lastly, a noted specialist gave an excellent review of Edward Snowden’s life up to when he was hired by the CIA and how the US Government missed all the warning flags. As a result I’ve modified my view on Snowden. It is clear from his background that Snowden is who he is - anyone who had looked at his background would never have employed him on Government contracts. The error is that he was both employed and then cleared to handle the highest classification of information, with system administrator status. The vetting agency, an outsourced company called US Investigations LLC, was on a target achievement payment regime and was behind its targets. Hence quite a number of individuals only got a cursory examination before being cleared. I understand over 650,000 individual investigations for personnel clearance have had to be reviewed and redone. Not surprisingly the company is being sued - http://www.bloomberg.com/news/2014-01-23/security-firm-sued-by-u-s-over-bad-background-checks.html.

Following the Snowden story, Edward Lucas, senior editor of the Economist, gave a refreshing reality check on Snowden and the whole rationale for nation-level spying at Acumin’s annual RANT conference in London. To my mind he put the Snowdenistas in their place. His articulation of common sense can be found in his short book “The Snowden Operation”, on sale for less than a pound on Amazon as a Kindle download.

Then Inside Government held an Identity Management conference on Wednesday to better publicise the UK Government’s Identity Assurance Programme - IDAP. IDAP is a version of a SAML 2.0 enabled Federated Identity Management scheme in which the Government does not require you to authenticate directly with it - or with a Government Department - to transact online with Central or Local Government, but instead allows the Public to use a Trusted Third Party with whom they have enrolled their identity and whom the Government also trusts to verify who they are. In this way the Government hopes to overcome the privacy objections that stymied the National Identity System (the ID Card). IDAP, predictably, is behind the curve. That’s probably okay, since there are a number of technical and human challenges to overcome: the system will be fairly unique (although others have implemented similar systems); SAML 2.0 (the key identity management protocol) wasn’t really designed for such a large system and has had to be modified; and, most importantly, the Government’s flagship project, “Digital By Default”, the key to the transformation of Government Services (and Government, frankly), depends on secure Identity Management and therefore on IDAP. Politically, therefore, IDAP has to work, and in time for it to be used as one of the success stories in the next election campaign.
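The federated pattern described above - the citizen authenticates with a trusted third party, and the government service only ever receives a signed assertion about who they are - stands or falls on the checks the relying party performs on that assertion. The following is an added illustration, not code from IDAP, GOV.UK or this blog: a toy identity provider issues a SAML-style assertion and a relying party validates issuer trust, signature, audience, validity window, correlation to a request it actually made, and one-time use. Entity IDs, element names and the HMAC-SHA256 "signature" (standing in for the XML-DSig that real SAML 2.0 uses) are all assumptions made for the example.

```python
"""Toy model of SAML-style federated identity: IdP issues, RP validates.

Assumptions (not IDAP's real mechanics): HMAC-SHA256 over a canonical
JSON rendering of the assertion replaces XML-DSig, and the element and
attribute names are a simplified subset of SAML 2.0.
"""
import hashlib
import hmac
import json
import secrets
import time
import xml.etree.ElementTree as ET


def _canonical(root):
    """Deterministic bytes covered by the signature: everything but Signature."""
    attrs = {k: v for k, v in root.attrib.items() if k != "Signature"}
    cond = root.find("Conditions")
    cond_attrs = dict(cond.attrib) if cond is not None else None
    return json.dumps([attrs, root.findtext("Subject"), cond_attrs],
                      sort_keys=True).encode()


def _sign(root, key):
    return hmac.new(key, _canonical(root), hashlib.sha256).hexdigest()


class IdentityProvider:
    """The trusted third party the citizen actually authenticates with."""

    def __init__(self, entity_id, key):
        self.entity_id = entity_id
        self._key = key  # would be a private signing key in real SAML

    def issue_assertion(self, request_id, audience, subject, now, ttl=300):
        root = ET.Element("Assertion", Issuer=self.entity_id,
                          ID="_" + secrets.token_hex(8), InResponseTo=request_id)
        ET.SubElement(root, "Subject").text = subject
        ET.SubElement(root, "Conditions", NotBefore=str(now),
                      NotOnOrAfter=str(now + ttl), Audience=audience)
        root.set("Signature", _sign(root, self._key))
        return ET.tostring(root, encoding="unicode")


class RelyingParty:
    """The government service: never sees a credential, only the assertion."""

    def __init__(self, entity_id, trusted_idps):
        self.entity_id = entity_id
        self.trusted = trusted_idps  # issuer entity ID -> verification key
        self.pending = set()         # AuthnRequest IDs we issued and await
        self.seen = set()            # assertion IDs already consumed (replay defence)

    def start_login(self):
        request_id = "_" + secrets.token_hex(8)
        self.pending.add(request_id)
        return request_id

    def consume(self, xml_text, now):
        root = ET.fromstring(xml_text)
        key = self.trusted.get(root.get("Issuer"))
        if key is None:
            raise ValueError("untrusted issuer")
        if not hmac.compare_digest(root.get("Signature", ""), _sign(root, key)):
            raise ValueError("bad signature")
        cond = root.find("Conditions")
        if cond is None or cond.get("Audience") != self.entity_id:
            raise ValueError("wrong audience")
        if not (int(cond.get("NotBefore")) <= now < int(cond.get("NotOnOrAfter"))):
            raise ValueError("expired or not yet valid")
        if root.get("ID") in self.seen:
            raise ValueError("replayed assertion")
        if root.get("InResponseTo") not in self.pending:
            raise ValueError("unsolicited response")
        self.pending.discard(root.get("InResponseTo"))
        self.seen.add(root.get("ID"))
        return root.findtext("Subject")


def demo():
    """Run the happy path plus each failure mode; return outcome per case."""
    key = secrets.token_bytes(32)
    idp = IdentityProvider("https://idp.example/idp", key)          # assumed entity ID
    rp = RelyingParty("https://service.gov.example/sp", {idp.entity_id: key})
    now = int(time.time())
    results = {}

    good = idp.issue_assertion(rp.start_login(), rp.entity_id, "citizen-42", now)
    results["ok"] = rp.consume(good, now)

    tampered_root = ET.fromstring(
        idp.issue_assertion(rp.start_login(), rp.entity_id, "citizen-42", now))
    tampered_root.find("Subject").text = "someone-else"   # edit after signing
    cases = {
        "tampered": (ET.tostring(tampered_root, encoding="unicode"), now),
        "wrong_audience": (idp.issue_assertion(rp.start_login(),
                                               "https://other.example/sp", "citizen-42", now), now),
        "expired": (idp.issue_assertion(rp.start_login(), rp.entity_id, "citizen-42", now), now + 400),
        "replay": (good, now),
        "unsolicited": (idp.issue_assertion("_never-issued", rp.entity_id, "citizen-42", now), now),
        "untrusted": (IdentityProvider("https://rogue.example/idp", secrets.token_bytes(32))
                      .issue_assertion(rp.start_login(), rp.entity_id, "citizen-42", now), now),
    }
    for name, (doc, at) in cases.items():
        try:
            rp.consume(doc, at)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15s} -> {outcome}")
```

The order of checks matters: trust and signature come first so nothing unsigned influences later decisions, and the replay and correlation checks are what stop a single stolen assertion from being presented twice or delivered to a session that never asked for it. In a real deployment the HMAC would be an XML signature verified against the identity provider's published metadata certificate, and the pending and seen sets would live in shared storage rather than process memory.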
