Info

You are currently browsing the Data At Rest Encryption Solutions weblog archives for the day 11. May 2009.

May 2009
M	T	W	T	F	S	S
« Apr		Jun »
	1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Archive for 11. May 2009

Comprehensive National Cybersecurity Initiative (CNCI)

11. May 2009 by Bryan Glancey.

I am a big believer in common sense. It’s amazing how uncommon common sense really is, and how important it is.

One of the guiding principals of Information Security is independent review. The network administration team and the Network security team set the rules and protections, they set up up, then you hire someone from the outside to come in and try to break them . This happens all over the place in the world: the CFO makes the budget and documents expenses then you hire an independent auditor to verify; before you get that life threatening Brain Surgery you request a second opinion - checks and balances, second opinions, peer review - it keeps everyone sharp and protects us all from bad advice, or being sold a $2000.00 vacuum cleaner when we have hardwood floors.

Currently, cooking in the government is the Comprehensive National CyberSecurity Initiate. It’s secret, no one can know what in it until they decide to release it. The concerning thing about it is who is influencing the choices - is it someone who knows the difference between a Hash Algorithm and Hash Browns? Do they know the difference between a rainbow table and the rainbow coalition?

My hope is that the government open the CNCI to industry input, even though the ensuing carnival may be painful. Yes, someone will come in and present why token ring is more secure then ethernet, wasting everyone’s time, but at least there will be a intelligent discussion.

If the vendor conversations are too loud, perhaps just a good survey of the Hacker community, INFOSEC professionals in the NSA’s own IAM/IEM certification program or CISSPs . Some how some intelligent debate needs to enter the Cybersecurity realm and move it from Lip Service to Reality.

How about CyberSecurity Stimulus? You think I’m kidding? When we spend endless hours of debate discussing the already lost manufacturing jobs, we are letting an industry that the United States has a significant advantage and resource in blow in the wind. Every other major world power spends more on Cybersecurity then the United States, why don’t we wake up and join the 21st Century. The jobs yielded by Security applications would pay on average twice that of the manufacturing jobs that we spend billions to keep and bailout.

Posted in Main, Blogroll, Uncategorized | Print | No Comments »