David Laceys IT Security Blog

Security Guidance Shouldn’t Be Secret

One learning point from the recent HMRC data breach is the need to de-classify security guidance. As noted by the Guardian and The Register, some Government security manuals tend to be protected data themselves. This restricts their distribution. Most of Industry de-classified their security policies and standards and placed them on their Intranets more than a decade ago. Security by obscurity no longer works when ordinary members of staff have the capability of compromising large quantities of sensitive company or customer data.

SearchCIO

Leaders discuss challenges, strategies for women in IT

Women in tech still face challenges, including finding opportunities for advancement and management support. A recent panel of ...

14 tips for CIOs managing shadow IT activities

As the advent of cloud technology has made it easier to launch shadow IT, CIOs must be increasingly diligent to identify and ...

Top 2020 IT priorities hold fast amid COVID-19; spending takes hit

The biggest IT spending drivers from TechTarget's 2020 IT Priorities Survey remain relevant amid the COVID-19 pandemic, although ...

SearchSecurity

Guide to preventing coronavirus phishing and ransomware

Malicious actors are taking advantage of coronavirus fears to wreak havoc on cybersecurity. Check out our guide to learn about ...

Supply chain attack hits 26 open source projects on GitHub

Threat actors conducted an unprecedented supply chain attack by using malware known as Octopus Scanner to create backdoors in ...

Top 3 advantages of smart cards -- and potential disadvantages

As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, ...

SearchNetworking

5 things to know about MU-MIMO technology in Wi-Fi networks

'Multiuser multiple input, multiple output' might not roll off the tongue, but MU-MIMO technology is increasingly important in ...

5 principles of the network change management process

Network change management includes five basic principles, including risk analysis and peer review. These best practices can help ...

Small vendors that stand out in network automation

When incumbent vendors fall short, enterprises should consider these small vendors for new approaches to analytics and network ...

SearchDataCenter

Traditional vs. converged vs. hyper-converged infrastructure setups

HCI clusters, converged infrastructure and rack servers all offer benefits for a data center. Still, figuring out which is easier...

IBM layoffs target services, marketing employees

IBM layoffs under newly appointed CEO Arvind Krishna largely affect its Global Technology Services and marketing groups.

Microsoft supercomputer looks to create AI models in Azure

Microsoft has expanded its AI initiative up to the supercomputer market, unveiling a system focused on helping users build large ...

SearchDataManagement

Couchbase sees a blurring line between cloud NoSQL and SQL

Matt Cain, president and CEO of Couchbase, explains why NoSQL is part of digital transformation efforts, as his company prepares ...

Apache Pulsar joins Kafka in Splunk Data Stream Processor

Splunk is integrating open source Apache Kafka capabilities alongside Apache Pulsar support to better enable its latest Data ...

Benefits of a data catalog and why you need one

Data catalogs help across enterprises, from breaking down data silos to ensuring data privacy. A new book from Technics ...

Join the conversation

2 comments

Send me notifications when other members comment.

Oldest

[-]

Andrew Yeomans - 19 Dec 2007 5:24 AM

Should copyright be used to restrict the distribution? BS7799/17799/2700x might be more frequently used if published under a copyright licence allowing redistribution. And perhaps even more relevant, if derivative works were explicitly permitted, we might see more example policies derived from the standards. Other bodies such as ISACA and ISF seem to get along with allowing freely downloadable standards.

David Lacey - 19 Dec 2007 7:02 PM

I couldn't agree more. I have to admit to having been a strong supporter of the original case for BS7799 copyright. Amongst other things, it prevented NIST from publishing the content. At the time (back in 1993) it seemed that strict control of content was more important than dissemination. I believe, with hindsight, that we got that judgement wrong.

David Laceys IT Security Blog

Security Guidance Shouldn’t Be Secret

Join the conversation

2 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

Leaders discuss challenges, strategies for women in IT

14 tips for CIOs managing shadow IT activities

Top 2020 IT priorities hold fast amid COVID-19; spending takes hit

SearchSecurity

Guide to preventing coronavirus phishing and ransomware

Supply chain attack hits 26 open source projects on GitHub

Top 3 advantages of smart cards -- and potential disadvantages

SearchNetworking

5 things to know about MU-MIMO technology in Wi-Fi networks

5 principles of the network change management process

Small vendors that stand out in network automation

SearchDataCenter

Traditional vs. converged vs. hyper-converged infrastructure setups

IBM layoffs target services, marketing employees

Microsoft supercomputer looks to create AI models in Azure

SearchDataManagement

Couchbase sees a blurring line between cloud NoSQL and SQL

Apache Pulsar joins Kafka in Splunk Data Stream Processor

Benefits of a data catalog and why you need one

Join the conversation

2 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.