David Laceys IT Security Blog

Security Guidance Shouldn’t Be Secret

One learning point from the recent HMRC data breach is the need to de-classify security guidance. As noted by the Guardian and The Register, some Government security manuals tend to be protected data themselves. This restricts their distribution. Most of Industry de-classified their security policies and standards and placed them on their Intranets more than a decade ago. Security by obscurity no longer works when ordinary members of staff have the capability of compromising large quantities of sensitive company or customer data.

SearchCIO

How edge computing differs from decentralized computing

Edge computing isn't about sticking servers and storage in a branch location. Learn the critical differences between edge and ...

Facebook's Libra project -- why enterprises should prepare

Facebook's foray into cryptocurrency is setting off alarm bells in government and finance circles. The question is how could the ...

Ransomware attacks: How to get the upper hand

Ransomware attacks are on the rise. Can organizations play like Radiohead and refuse to pay? The answer from security experts is ...

SearchSecurity

Enzoic for Active Directory brings continuous password protection

Updates to Enzoic for Active Directory include NIST-compliant Continuous Password Protection, checking passwords against a live ...

Understand the basics of email security gateways

Email security gateways protect enterprises from threats such as spam and phishing attacks. This article explains how these ...

CyberArk brings updates to privileged access security offering

CyberArk introduces CyberArk Alero to its privileged access management product lineup, in addition to other endpoint management ...

SearchNetworking

An introduction to smart NICs and their benefits

This introduction discusses how smart NICs work and how they can benefit data center servers. It also explores the smart NIC ...

What are the features and benefits of 5G technology for businesses?

In addition to high speeds and low latency, the emergence of 5G cellular technology could put some pressure on the market prices ...

Why did operator NFV adoption lag so much?

NFV adoption was hampered by high costs and deployment issues, according to one industry insider. Also, learn about the latest on...

SearchDataCenter

3 ways to benefit from open source infrastructure

Using open source infrastructure can reduce operating costs and streamline upgrades, but it's important to weigh the pros and ...

IBM mainframes face competitive pressures inside and out

IBM's mainframe business continues to be under pressure from cloud-based competitors, and perhaps even its own Power server. ...

Linux features beyond server management

Due to its open source nature, Linux is constantly gaining new capabilities. Here's a look at some common use cases and features.

SearchDataManagement

11 real-time data streaming roadblocks and how to overcome them

Experts detail common challenges that IT teams encounter when deploying and managing real-time data streaming platforms and offer...

Snowflake product VP expounds on data warehouse for the cloud

In this Q&A, Christian Kleinerman, vice president of product development at cloud data warehouse vendor Snowflake, talks about ...

RavenDB Cloud automates database management

RavenDB's managed cloud database service, RavenDB Cloud, intends to automate security processes, reduce overhead and cater to ...

Join the conversation

2 comments

Send me notifications when other members comment.

Oldest

[-]

Andrew Yeomans - 19 Dec 2007 5:24 AM

Should copyright be used to restrict the distribution? BS7799/17799/2700x might be more frequently used if published under a copyright licence allowing redistribution. And perhaps even more relevant, if derivative works were explicitly permitted, we might see more example policies derived from the standards. Other bodies such as ISACA and ISF seem to get along with allowing freely downloadable standards.

David Lacey - 19 Dec 2007 7:02 PM

I couldn't agree more. I have to admit to having been a strong supporter of the original case for BS7799 copyright. Amongst other things, it prevented NIST from publishing the content. At the time (back in 1993) it seemed that strict control of content was more important than dissemination. I believe, with hindsight, that we got that judgement wrong.

David Laceys IT Security Blog

Security Guidance Shouldn’t Be Secret

Join the conversation

2 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

How edge computing differs from decentralized computing

Facebook's Libra project -- why enterprises should prepare

Ransomware attacks: How to get the upper hand

SearchSecurity

Enzoic for Active Directory brings continuous password protection

Understand the basics of email security gateways

CyberArk brings updates to privileged access security offering

SearchNetworking

An introduction to smart NICs and their benefits

What are the features and benefits of 5G technology for businesses?

Why did operator NFV adoption lag so much?

SearchDataCenter

3 ways to benefit from open source infrastructure

IBM mainframes face competitive pressures inside and out

Linux features beyond server management

SearchDataManagement

11 real-time data streaming roadblocks and how to overcome them

Snowflake product VP expounds on data warehouse for the cloud

RavenDB Cloud automates database management

Join the conversation

2 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.