Security Geek-Ed

The Irony of the Cloud

March 16, 2009 · No Comments

One of the main information security issues facing corporations is that they simply don’t know what data they have, its sensitivity, nor where it’s located. Now, with the rush to cloud computing, these organizations can simply say: “Hey, we don’t know what data we have nor where it is because … it’s designed that way! We don’t have to know where it is! And if we don’t know where it is … how can we know what’s there!?”

OK, I jest. But it does illustrate to me that the abstraction/virtualization layers inserted between an application and its data can certainly obfuscate the assigning of responsibility for the protection of that data in accordance with its sensitivity and CIA. And do/will vendors offer services commensurate with that need? Right now, I for one am in the position of the old man who saw a dog ice-dancing. It wasn’t that he did it well … it was that he did it at all.


Skype and the role of privacy

February 28, 2009 · No Comments

Bruce Schneier had a recent post that references an article in the Register available at <http://preview.tinyurl.com/a9hn2n>. Briefly stated, it appears that NSA is ready to pay a lot of money for someone to crack Skype encryption, mainly because more and more criminals (including terrorist organizations) are using this technology instead of phone calls. 

I won’t quote any more of the article: it’s definitely worth reading. And I still haven’t completely figured out where I stand on this. At this time, I reluctantly have to stand with those who say that the right to privacy is greater than the right to allow unlimited and unmonitored surveillance of private communication.  Perhaps I would feel differently if I believed that government agencies could be trusted to do the “right thing” with the data and with the right to access … but I don’t, and I think the evidence will bear me out on that. So if PGP and Skype keep my communications private: good. 


“Ain’t no free”

January 5, 2009 · No Comments

or so says a wonderful song by NRBQ. I’m getting frustrated by writers who refer to applications and operating systems as “free” (as in beer, as in speech?). The real deal is more complicated than that. Any complex system is going to take time to learn, time to manage, time to update, etc. You’ll also find bugs and mis-features, or features you want that no one else is willing to develop. None of this is “free.” It all reflects a commitment and an investment, as well as a “road not taken.” I’m reminded of a radio commercial for a transmission company in the Greater Boston area (and I can’t remember which one, sorry): “you can pay me now, or you can pay me later.” Free (no charge) software hides the cost at the back end.

So, yes, some software products can be obtained “free of charge.” No $$, paid for by the $0 bill. Just beware the hidden costs.


More on Training vs. Education

October 1, 2008 · No Comments

I’m indebted to my friend Tim Kress for this comment on training versus education: “If you don’t think there’s a difference between training and education, then ask yourself which you would prefer for your 13 year old child: sex education or sex training?” 


Making movies … on location

August 19, 2008 · No Comments

Read this post on Grady Booch’s blog this morning, and it crystallized some thoughts that I’d been having about software development and making movies. I think this extends to multiple activities … including project management and creating a project team. Here’s the quote:

Dave Bernstein emailed [Grady Booch] a reminder of an article by Walker Royce published in the September/October 2005 issue of IEEE Software, titled “Successful Software Management Style: Steering and Balance.” In this article, Walker points out a number of parallels between software development and movie making. “Software project managers are more likely to succeed if they use techniques that are more like managing a movie production than an engineering production.” Movie producers, Walker notes, are “professionals who regularly create a unique and complex web of intellectual property limited only by vision and creativity.” He goes on to say that “a software manager’s day-to-day decisions (like those of a movie producer) are dominated by value judgments, cost trade-offs, human factors, macro-economic trends, technology trends, market strengths, and timing.”

There’s another dimension to this as well: the nature of work, reputation, the ability to work with others, at a distance, etc.

Downside? Movies frequently fail, come in wildly over budget, don’t deliver on expectations. Hmmm.


Training vs. Education

June 9, 2008 · No Comments

A technical writer friend of mine, and a wise man in general, told me the following: “We train animals, we educate people.”

I’ve never forgotten it. Regardless of location, training without education does a disservice to everyone involved.

Just my flame of the day.


Objectives and Outcomes

May 22, 2008 · No Comments

I’m in the process of redoing my Network Security syllabus as part of a “cycle of improvement” exercise that I find both highly frustrating and rewarding. I’m wrestling with the notion of cognitive vs. behavioral assessments and the overlap thereof. For example, is an outcome of “being able to identify and contrast WEP, WPA, and WPA2” a cognitive or a behavioral assessment? I am reminded of a book entitled “The Philosophy of Mind” by Gilbert Ryle, which had a chapter on the differences between “knowing how and knowing that.” I may know what a router does, what an ACL does, how to apply one, but is it all for naught if I can’t remember the syntax for iptables or Cisco IOS? ’Tis a puzzlement indeed.

