Thursday, July 15, 2010

Privacy.

Some people believe, and don't mind sharing the view, that "Privacy is dead." I suspect that some of the proponents of that perspective do not fully understand just what privacy is. It does not mean that nobody shares any of their personal information. It means that each individual gets to choose how and when that personal information is shared.

Privacy is not helped when the government is not willing to do much to protect it. There are entire industries built on the storing and selling of information about every individual in the United States. This is not information that you may have explicitly made the choice to share, but they are able to sell that data because it falls under the realm of "public information." We should not worry too much that this information could easily lead to the stealing of your identity if it were to fall into the wrong hands.

The other problem is the creation of websites where you are expected to share personal information in order to be part of a community. Those who keep their information locked down are seen as standoffish in this new community, much like someone at a party who just doesn't open up or talk about anything. You are expected to share things like the area you live in, where you like to vacation, marital status, information about any children you may have, where you work, and more. Each piece of information, analyzed by itself, seems innocuous and unimportant. The concept that many do not consider is the kind of profile that could be built based on all of this information as a whole. It just might be enough information to con account details out of your bank. It might be enough to get medical information from a hospital or doctor's office. Maybe these "bad guys" would be able to sign up for credit cards, bank loans, mortgages, etc., using this profile information gleaned from a few Internet-accessible sites.

At the end of the day, people need to take the willful dissemination of this private information much more seriously than it seems they do today. More care should be given to the complete picture of what this information means, rather than the minimal significance that each individual piece might represent. As well, our government should do more to protect our information by putting tighter controls around the storing, processing, and sharing of this information. When an entity fails to properly handle this information, there should be transparent procedures and penalties that must be complied with. No longer should companies be able to make up the rules as they go along, nor should the legally prescribed standards strive to be weak in order to keep big business happy. The standards should be considered high-end and businesses will either comply or be forced out of the game.

Saturday, July 3, 2010

Welcome to the blog.

This will be a place for my thoughts regarding the security world. From commentary about the events of the day, higher policy issues, and training/education, I plan to gather it all here. This way it will be a personal record and archive that I can use for personal development, with the potential that it may help others along the way as well.

After acquiring the CISSP certification, I have heard many in the infosec community express negative views of it. The one thing I would like to express is that I find value in it because I got the experience and absorbed the knowledge in order to obtain it. While it is not overly technical, I learned about some higher-level items, outside of my previous experience, that I feel give me some insight about other parts of the business enterprise. For me, being able to see things from a higher level is a very positive experience and thus of great benefit personally. I don't think it makes me a genius or an expert at anything, but I value it because of the work I put in to get it. I am wary of those who label themselves as geniuses and experts anyway, so I am unlikely to ever feel I meet those criteria (nor would I desire to). If I ever think I have nothing left to learn, it is time for me to have a brain scan.

Now on to bigger and better things. This blog will motivate me to stay informed, express my views, improve on my writing skills, improve on my presentation skills, and otherwise stay more actively involved with the security world.