Firewall Wizards mailing list archives

InfoSec's Waterloo and its implications


From: Vin McLellan <vin () theworld com>
Date: Thu, 05 May 2005 16:34:12 -0400





CSO magazine hit InfoSec professionals hard a couple of months ago when it described the revelations and exposures of IT security failures in the first half of 2005 (largely courtesy of California state law S1386) as the "Waterloo" -- the utter and historically devastating failure -- for traditional InfoSec praxis, policy, and industrial politics.

It's a label that may stick, with potentially big implications for, among others, CIOs, CISSOs, and wee supporting techies who manage institutional security barriers like firewalls.

One response to this ongoing series of InfoSec debacles was the little-noticed March 23 joint "Guidance" announcement -- from the five US federal regulatory agencies for banks -- that all US banks are now required to notify their customers in the event of a theft or unauthorized access to data files containing personal information which could possibly be misused against the customer. (See: <http://tinyurl.com/cgdhm>)


CSO, in an erudite article entitled, "The Five Most Shocking Things About the ChoicePoint Debacle," now offers a timely and informative follow-up on the ChoicePoint imbroglio. (See: <http://tinyurl.com/dhsca>.) An interesting subtext here is that privacy -- an explosively potent issue that both parties have effectively ducked -- has reemerged with the subtlety of Mt. Vesuvius.

Another less-surprising subtext is that today's corporate InfoSec infrastructure -- both the "best practice" technology and policies, and the corporate roles that manage it -- will have to change drastically to successfully handle the new burdens of regulatory compliance.

With national ID cards (standardized driver licenses) now a done deal, a federal "notification" bill seems inevitable, and a major new federal privacy bill possible. The Clintonesque Center for American Progress just published a notable essay, "Protecting Privacy in the Digital Age," which argues that the Privacy Act of 1974 no longer really means anything, since government now simply out-sources those actions which it isn't allowed to take. (See: <http://tinyurl.com/8ghpe>.)

_Vin

*   Vin McLellan + The Privacy Guild + <vin () theworld com>   *
          22 Beacon St., Chelsea, MA 02150 USA

