David Laceys IT Security Blog

Security Guidance Shouldn’t Be Secret

One learning point from the recent HMRC data breach is the need to de-classify security guidance. As noted by the Guardian and The Register, some Government security manuals tend to be protected data themselves. This restricts their distribution. Most of Industry de-classified their security policies and standards and placed them on their Intranets more than a decade ago. Security by obscurity no longer works when ordinary members of staff have the capability of compromising large quantities of sensitive company or customer data.

SearchCIO

Surveillance technology under fire, amid growing societal concerns

As San Francisco halts city use of facial recognition technology, CIOs could see more regulatory actions against surveillance ...

Deep learning pioneer Fei-Fei Li on the fundamentals of ethical AI

AI luminary Fei-Fei Li was among a group of distinguished AI researchers asked to share their thoughts on how to develop ethical ...

Andrew Ng's AI playbook for the enterprise: 6 must-dos

AI legend and online education pioneer Andrew Ng has developed an AI playbook for businesses. Here are six must-dos.

SearchSecurity

CrowdStrike, NSS Labs settle legal disputes over product testing

CrowdStrike and NSS Labs have ended their legal dispute with a confidential settlement agreement, which resolves all lawsuits ...

Barracuda Advanced Bot Protection safeguards web applications

Advanced Bot Protection is a cloud-hosted platform that defends against automated threats using AI. It is available as both a web...

Microsoft bets on ElectionGuard SDK to fortify election security

Ahead of the 2020 elections, Microsoft unveiled ElectionGuard, an open source SDK designed to provide end-to-end verification of ...

SearchNetworking

Huawei ban will hasten its retreat from U.S. suppliers

The Huawei ban will spur a faster retreat from U.S. suppliers, as the Chinese tech company invests more in its manufacturing ...

Cisco vulnerability fix for thrangrycat carries risks

The Cisco vulnerability fix for thrangrycat could make affected hardware unusable. But the vendor said its ready to replace ...

The status of white box networking in the enterprise

Despite the benefits of white box networking, most enterprises are cautious about deployment. Use these five questions to ...

SearchDataCenter

How do I size a UPS unit?

Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

How to enhance FTP server security

If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

3 ways to approach cloud bursting

With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

GDPR privacy concerns still brewing on law's first birthday

The first year of the much-debated EU protection rule was subdued. High-profile fines for privacy breaches have yet to appear, ...

The main picks for Hadoop distributions on the market

Check out the current top Hadoop distribution vendors in the market to help you determine which product is best for your company.

Inside view of Tibco integration architecture planning

Tibco's acquisitions of well-regarded, small software specialists such as SnappyData are part of a drive toward what it calls '...

Join the conversation

2 comments

Send me notifications when other members comment.

Oldest

[-]

Andrew Yeomans - 19 Dec 2007 5:24 AM

Should copyright be used to restrict the distribution? BS7799/17799/2700x might be more frequently used if published under a copyright licence allowing redistribution. And perhaps even more relevant, if derivative works were explicitly permitted, we might see more example policies derived from the standards. Other bodies such as ISACA and ISF seem to get along with allowing freely downloadable standards.

David Lacey - 19 Dec 2007 7:02 PM

I couldn't agree more. I have to admit to having been a strong supporter of the original case for BS7799 copyright. Amongst other things, it prevented NIST from publishing the content. At the time (back in 1993) it seemed that strict control of content was more important than dissemination. I believe, with hindsight, that we got that judgement wrong.

David Laceys IT Security Blog

Security Guidance Shouldn’t Be Secret

Join the conversation

2 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

Surveillance technology under fire, amid growing societal concerns

Deep learning pioneer Fei-Fei Li on the fundamentals of ethical AI

Andrew Ng's AI playbook for the enterprise: 6 must-dos

SearchSecurity

CrowdStrike, NSS Labs settle legal disputes over product testing

Barracuda Advanced Bot Protection safeguards web applications

Microsoft bets on ElectionGuard SDK to fortify election security

SearchNetworking

Huawei ban will hasten its retreat from U.S. suppliers

Cisco vulnerability fix for thrangrycat carries risks

The status of white box networking in the enterprise

SearchDataCenter

How do I size a UPS unit?

How to enhance FTP server security

3 ways to approach cloud bursting

SearchDataManagement

GDPR privacy concerns still brewing on law's first birthday

The main picks for Hadoop distributions on the market

Inside view of Tibco integration architecture planning

Join the conversation

2 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.