tag:blogger.com,1999:blog-4088979.post4963838240609070537..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: One Page to Share with Your ManagementRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-4088979.post-54025981880281669982010-09-13T18:39:23.358-04:002010-09-13T18:39:23.358-04:00The reason for the divided views is to be expected...The reason for the divided views is to be expected, especially coming of the back of the recent bank bailouts. On the other hand I do not expect a global corporate like Google to take on the might of China if information espionage agents are involved.<br /><br />Without a shadow of doubt global organizations would have to invest heavily to actively counter industrial espionage. Persistent security tools would play a dominant role to counter this new warfare. Some organisations get it, and some don't but it only takes a few examples for the other organizations to get it.Peter Abatanhttp://www.enterprisedrm.infonoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-43688569270387523432010-09-09T21:14:51.854-04:002010-09-09T21:14:51.854-04:00Last anonymous: do you expect companies to protect...Last anonymous: do you expect companies to protect the airspace over their office buildings, factories, etc.? I'd like to see some of my tax dollars spent on "provide for the common defense" as mentioned in our Declaration of Independence. If you disagree with the airspace comment, please read http://taosecurity.blogspot.com/2007/09/us-needs-cyber-norad.htmlRichard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-58954519633705743142010-09-09T12:02:06.511-04:002010-09-09T12:02:06.511-04:00I couldn't agree with Dan more... its not the ...I couldn't agree with Dan more... its not the government's responsibility to control every aspect of our lives. It's that corporation's responsibility to protect themselves. If you don't want your research and development department hacked, go hire a network security consultant and charge for your product accordingly. Otherwise me, you and everyone else ends up paying for that corps fault in higher taxes to fund the extra staffing that the feds have to provide.<br /><br />This is the most ridiculous stance on corporate network security i have ever read. Why don't we all take a step back and start taking responsibility for our own actions and not rely on the government for everything. The guy from Verizon above, it's Verizon's fault that their product info was hacked... not the feds. Go hire someone that knows what the hell they are doing.<br /><br />This cyber war guy may know what he is talking about when it comes to hardening infrastructure, but you need to learn some self-worth and start relying on yourself to accomplish goals. Not the government. I'm all about sharing information to make this country a better place, but our legislature is not the end all be all to make sure our personal information is safe.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-78513286628046533912010-09-08T11:27:50.202-04:002010-09-08T11:27:50.202-04:00@Ayesha
If someone steals your TV, you probably k...@Ayesha<br /><br />If someone steals your TV, you probably know about it. but it's a TV, not like anyone can do anything but try to sell it.<br /><br />If someone steals your car in the middle of the night while you sleep, goes on a robbery spree, and returns the car later, wouldn't you want to know why the seat was left scooted all the way back? more importantly, why are there bullet holes in the trunk?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-38903037077490663032010-09-07T21:55:09.138-04:002010-09-07T21:55:09.138-04:00I think that it boils down to money on deciding wh...I think that it boils down to money on deciding whether the government should be responsible for assisting companies in the defense of their networks. Do you believe that the government would be able to do defense better and cheaper then companies working on their own? Governments do have a few advantage, because the data is shared if they are able to find a particular network attack in one network they will quickly be able to see what other networks have been exploited or attempted. The big problem I see with this approach is understanding of networks. The government can't and won't be able to have an understanding of every network. Anyone who monitors networks will tell you that you need to understand the network as well as changes being made to it. <br /><br /> What I would see as working more successfully would be if the government could be responsible for feeding data to businesses. Working with organizations such as the Open Security Foundation are a step in the right direction. In this case businesses are still responsible for defending their own network but the ability to share data still exists. Working within the community is better then building a new community which is what the government is trying to do.Dremspiderhttps://www.blogger.com/profile/01582528075841814820noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-84943225590025492752010-09-07T17:38:00.625-04:002010-09-07T17:38:00.625-04:00Dan:
In response to 1, when you're TV gets st...Dan:<br /><br />In response to 1, when you're TV gets stolen, it's something physical that's taken, that you will be able to easily notice. If someone came into your house, photocopied all of your personal records so they could steal your identity, wouldn't you want the government to let you know if they had the means?Davidhttps://www.blogger.com/profile/16596700700667042611noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-88433505130189223892010-09-07T15:09:52.112-04:002010-09-07T15:09:52.112-04:00Wrong. It's not their responsibility at all. L...Wrong. It's not their responsibility at all. Let bad companies sink and good companies develop security that works. Taxpayers don't have enough money to protect everyone anyway.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-31734923837824095922010-09-06T23:09:30.786-04:002010-09-06T23:09:30.786-04:00"Clarke: It should be the federal government&...<i>"Clarke: It should be the federal government's responsibility to tell companies not only when they've been attacked but when others have been, such as their competitors, so they realize this sort of thing is going on..."<br /><br />I agree with all of these sentiments.</i><br /><br />I don't. :)<br /><br />1. It's not the government's place to tell me when my TV has been stolen either.<br />2. This is the problem with things like Infraguard. The intel you get is either so generic and sanitized that it is worthless and 6 months out of date, or it is so specific that no one will share it (neither the feds or the victims). It's, IMO, insane to think that companies will willingly share this info with their competitors or that they will be ok with it being shared by the government.Dannoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-37261467564391532492010-09-05T20:41:28.991-04:002010-09-05T20:41:28.991-04:00You have done a marvelous job! I am really inspire...You have done a marvelous job! I am really inspired with your work.M Ahmedhttps://www.blogger.com/profile/06746392782086690027noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-54581175567814295982010-09-05T13:06:36.283-04:002010-09-05T13:06:36.283-04:00"[S]ometimes companies don't know they..."[S]ometimes companies don't know they've been hacked. But frequently they realize after the fact. You don't know you've lost information until a knockoff of your product or some competing products start showing up in the marketplace."<br /><br />Great point made here and very similar to what we (Verizon) have seen in our DBIR series. Usually a company doesn't know they have been breached until they are notified by a 3rd party. The 3rd party discovers the breach because the attacker fradulently uses the data that was stolen.Christopher Porterhttp://securityblog.verizonbusiness.comnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-34523400777850759062010-09-05T11:03:05.526-04:002010-09-05T11:03:05.526-04:00Odd, I was sure I had seen a luke warm review of &...Odd, I was sure I had seen a luke warm review of 'Cyber War' on your blog awhile ago. I actually picked it up myself, mainly because it looked like a thin book that executive level folks would read and get excited about.<br /><br />Very interested to see your opinion/review of it!Davidhttps://www.blogger.com/profile/16596700700667042611noreply@blogger.com