Comments for Network Security Blog http://www.mckeay.net The views of one man on security, privacy and anything else that catches his attention. The views expressed on this blog do not reflect the views of my employer or anyone other than myself. Sun, 20 May 2012 16:06:46 +0000 hourly 1 http://wordpress.org/?v= Comment on How do you keep your data ‘safe’ despite a compromise? by R. Scott McCoy http://www.mckeay.net/2012/05/20/how-do-you-keep-your-data-safe-despite-a-compromise/comment-page-1/#comment-10305 R. Scott McCoy Sun, 20 May 2012 16:06:46 +0000 http://www.mckeay.net/?p=3064#comment-10305 I think your estimate of how many companies know they are compromised is extremely high. I still meet far too many people that are in denial and lack the tools and people necessary to find out for sure. The top ten Defense companies are doing the best job of protecting data in my opinion, but even they lose data occasionally. Without some revolutionary, game changing gizmo, the only two viable options I see are either to create a closed environment like a classified network, or to ramp up the capabilities of companies to the level of those big ten Defense companies. Both are expensive to create and maintain. Losing health and privacy data is serious, but when companies lose the Intellectual Property that is really the only reason they are in business, those companies risk going out of business. A company that must work R&D into its pricing can't compete with a company that stole the data and built an identical product. When you are looking at losses on that scale, it is easier to justify not just the expense, but the inconvenience that strong security measures require. I think your estimate of how many companies know they are compromised is extremely high. I still meet far too many people that are in denial and lack the tools and people necessary to find out for sure.

The top ten Defense companies are doing the best job of protecting data in my opinion, but even they lose data occasionally. Without some revolutionary, game changing gizmo, the only two viable options I see are either to create a closed environment like a classified network, or to ramp up the capabilities of companies to the level of those big ten Defense companies. Both are expensive to create and maintain.

Losing health and privacy data is serious, but when companies lose the Intellectual Property that is really the only reason they are in business, those companies risk going out of business. A company that must work R&D into its pricing can’t compete with a company that stole the data and built an identical product. When you are looking at losses on that scale, it is easier to justify not just the expense, but the inconvenience that strong security measures require.

]]> Comment on Masking vs. Truncating by Steph http://www.mckeay.net/2009/11/12/masking-vs-truncating/comment-page-1/#comment-10299 Steph Mon, 07 May 2012 15:23:13 +0000 http://www.mckeay.net/2009/11/12/masking-vs-truncating/#comment-10299 Thanks! This was very helpful and just what I was looking for after reading section 3.4. :) Thanks! This was very helpful and just what I was looking for after reading section 3.4. :)

]]> Comment on Network Security Podcast, Episode 272 by Daniel http://www.mckeay.net/2012/04/05/network-security-podcast-episode-272/comment-page-1/#comment-10295 Daniel Sat, 05 May 2012 10:19:53 +0000 http://www.mckeay.net/?p=3037#comment-10295 viewed your episode and i agree with melissa its worth watching. viewed your episode and i agree with melissa its worth watching.

]]> Comment on This is why CISPA scares me by Hary http://www.mckeay.net/2012/04/12/this-is-why-cispa-scares-me/comment-page-1/#comment-10293 Hary Thu, 03 May 2012 21:16:26 +0000 http://www.mckeay.net/?p=3042#comment-10293 Great! and the graphic images are awesome.. Great! and the graphic images are awesome..

]]> Comment on This is why CISPA scares me by Paul Masson http://www.mckeay.net/2012/04/12/this-is-why-cispa-scares-me/comment-page-1/#comment-10287 Paul Masson Wed, 02 May 2012 18:18:14 +0000 http://www.mckeay.net/?p=3042#comment-10287 Martin, Great post. I especially like the graphics. If you're like me, you will want to sign the petition: http://www.stopcispa.com/ Martin,
Great post. I especially like the graphics. If you’re like me, you will want to sign the petition:
http://www.stopcispa.com/

]]> Comment on This is why CISPA scares me by Network Security Blog http://www.mckeay.net/2012/04/12/this-is-why-cispa-scares-me/comment-page-1/#comment-10252 Network Security Blog Tue, 17 Apr 2012 23:36:47 +0000 http://www.mckeay.net/?p=3042#comment-10252 [...] CISPA is getting better, but still has a long way to go [...] [...] CISPA is getting better, but still has a long way to go [...]

]]> Comment on Network Security Podcast, Episode 271 by Verizon’s latest breach delivery | The State of Security http://www.mckeay.net/2012/03/27/network-security-podcast-episode-271/comment-page-1/#comment-10250 Verizon’s latest breach delivery | The State of Security Tue, 17 Apr 2012 15:01:48 +0000 http://www.mckeay.net/?p=3028#comment-10250 [...] was catching up on my backlog of podcasts last week, and listened to Episode 271 of the Network Security Podcast (part of my balanced diet of security fiber).  If you’re not familiar with this podcast, it [...] [...] was catching up on my backlog of podcasts last week, and listened to Episode 271 of the Network Security Podcast (part of my balanced diet of security fiber).  If you’re not familiar with this podcast, it [...]

]]> Comment on BaySec tomorrow night by Doron http://www.mckeay.net/2009/02/18/baysec-tomorrow-night-2/comment-page-1/#comment-10245 Doron Thu, 12 Apr 2012 23:38:55 +0000 http://www.mckeay.net/2009/02/18/baysec-tomorrow-night-2/#comment-10245 Martin, When and where is the next time you meet? Thanks, Doron Martin,

When and where is the next time you meet?

Thanks,
Doron

]]> Comment on Global Payment Systems delisted by Visa by Maureen Robinson http://www.mckeay.net/2012/04/02/global-payment-systems-delisted-by-visa/comment-page-1/#comment-10243 Maureen Robinson Thu, 12 Apr 2012 12:30:17 +0000 http://www.mckeay.net/?p=3033#comment-10243 I believe you have done a good job in explaining on simple terms the relationship between the bank, merchant, credit card company, etc. Visa was subjected to a major security breach, and as you’ve stated in the article, this very well could be only the tip of the iceberg. I believe that in order for the industry to develop and to increase its overall security, all standard regulations such as PCI DSS, HIPAA, NIST and others should be clearly defined and followed by all companies. Please check out our point of view on the importance of PCI and other security regulations: http://blog.securityinnovation.com/blog/2010/12/the-time-for-application-security-certification-is-now-part-ii.html I believe you have done a good job in explaining on simple terms the relationship between the bank, merchant, credit card company, etc. Visa was subjected to a major security breach, and as you’ve stated in the article, this very well could be only the tip of the iceberg.
I believe that in order for the industry to develop and to increase its overall security, all standard regulations such as PCI DSS, HIPAA, NIST and others should be clearly defined and followed by all companies. Please check out our point of view on the importance of PCI and other security regulations: http://blog.securityinnovation.com/blog/2010/12/the-time-for-application-security-certification-is-now-part-ii.html

]]> Comment on Network Security Podcast, Episode 272 by Melissa http://www.mckeay.net/2012/04/05/network-security-podcast-episode-272/comment-page-1/#comment-10238 Melissa Mon, 09 Apr 2012 12:16:20 +0000 http://www.mckeay.net/?p=3037#comment-10238 Hi Martin, I did view the entire episode and trust me found it worth the watch. Hi Martin,

I did view the entire episode and trust me found it worth the watch.

]]>