Friday, March 14, 2014

Friday Musings - happy times under the spotlight

Taking a break from the daily gloomy tidings about UID misuse, foot-in-the-mouth pronouncements and government system breaches, let us look at some silver linings and keep the weekend cheery!

A recent analyst report says that the Information Security business is worth $102 billion - happy days for all! Who cares if this spend secures enterprises or governments so long as we can invoice them and get our payment! I can see the India Infosec group members coming together for an all India F2F to discuss the bulk purchase of high end Mercs, BMWs in the near future. Give us a billion, O God :)

Tim Berners-Lee was answering questions on reddit and there are some great quotes - this is a must read on the weekend. He talks about Snowden, says that whistleblowers may be all that will save society, and says that he favors surveillance for fighting crime (but there must be oversight). Incidentally, he had considered alternate names like The Mesh and The Information Mine before he finalized on WWW.

An extract from the reddit post:
[Question] Did you ever think that the internet would get this big?
[TBL] Yes, I more or less had it nailed down when it comes to the growth curve. I didn't get it completely right --- 25 years ago I was predicting I'd be asked to do an AMA on reddit next week, but it turned out to be this week. Well, we all make mistakes. (no of course not)

Closer home and elsewhere, IMS, CMS, NETRA, NSA, PRISM are a few terms that bring visions of a surveillance state intruding into every facet of your life. However, this is not the start of surveillance, as it has been around even before Biblical times. Every ruler and his statesmen have engaged in some form of surveillance on their populace - the level of intrusion depends on the case.

In the Internet age, there has been great debate on the extent of surveillance and the fear of misuse, or loss, of data collected.

So say all the wise people outside the establishment. 
So says Tim Berners-Lee too.
Has anyone heard any government say this convincingly? We shall rest our case here and learn to live with it. The debate will continue and the government will do what they have to do against the raving and ranting of the privacy and human rights activists.

There is a lot not happening in the InfoSec domain - good, bad and ugly! Some ugly stuff - I was with a client who had 'obtained' an ISO27001 certificate. They paid Rs. X for the certificate and then another Rs 150 for framing it :) .. of course they felt bad that this agency gave them the certificate without the photoframe. And now they were scrambling because a client wanted to do an audit and they did not have a single policy. Of course they did not have a hope in hell and flunked the audit.

InfoSec advisories warn about the insider threat and this may be the biggest example: it is being alleged that Princess Diana leaked royal family phone numbers to get back at her husband - disgruntled wife causing a data breach! Another one was about the daughter of Michael Dell, who was regularly posting details about her father's travel plans on her FB page while he was spending a few millions on protecting his privacy and security!

BTW - one of the fans on the TBL AMA commented that Berners-Lee does not use a browser! He just pulls on an ethernet cable like a hookah :)

How many of us can claim this power ;-)
However, with dollar dreams I should no longer care about surveillance or insiders - I have the power! (of the ISO certificate!)

With that thought... have a great weekend. 

The world is full of great surprises & the uncommon shortage of common sense is one of them. 

Notice: this is my post on the India InfoSec Mailing list on Yahoo!, a private closed group of information security professionals from India.
