Whole Security Solutions

“Friends and family” yawn when I harp on about the need for whole solutions. Take Data Leakage Protection as an example. Some technology companies would have you believe that network devices or digital rights management alone is the solution. The truth, of course, is that information security is a complex topic that requires skillful people to think through the scope of the problem space and build whole solutions that address the entire complexity of the problem. It's very rare that one size fits all, and even rarer that a single solution will address a significant part of the problem scope.

Eric Bidstrup highlights this today on the Microsoft SDL blog when talking about the Iron Chef challenge at Black Hat.

An article in Dark Reading called “Putting Security in the Trash” serves as a good reminder of the scope of the overall information security theatre. It talks specifically about the data leakage problem and a Texas law that has significant financial implications AND is being enforced.

The Texas 2005 Identity Theft Enforcement and Protection Act requires businesses to protect customer records containing sensitive information, and to thoroughly destroy the records that are no longer needed. It allows for fines of up to $50,000 for each violation.


3 Comments on “Whole Security Solutions”

  1. Adam Says:

    (Err, that’s Eric Bidstrup.)

  2. mcurphey Says:

    Fixed, thanks and sorry Adam.

  3. The Connected Information Security Group : Designing Whole Systems Says:

    [...] about designing whole security solutions! Posted: Friday, September 12, 2008 5:42 PM by cisg Filed under: Product Management, Software [...]
