What is the right balance between security and privacy? This is a common starting point in many policy discussions, especially in government. It’s a trick question because it presets the conversation as a balancing act between two values as if they are antithetical – they are not. In practical terms, privacy is security. It is the first thing a security professional learns as part of the Confidentiality – Integrity – Availability “CIA” acronym. Privacy is the individual’s confidentiality control. If we’re going to start the conversation with a question that prejudices the playing field, let’s use this one: “Do you love privacy or do you hate America?”
Part of the reason we get into trouble when having these discussions is that most people confuse trust with identity. In our immediate surroundings, identity is the only basis of trust. I trust those I know. But in a larger and interconnected world, I cannot know everyone I need to trust, so I have to use references. I ask my neighbors if they know a good plumber and use their trust as a proxy to extend my trust. Do I care if the plumber is John or Suzy? If they bank with CorpBank or if they are licensed to drive? Not really.
In an even broader context, I use other proxies for trust. I check an eBay seller’s “feedback” rating; I read product reviews by consumers on Amazon. I read with interest the opinions of blogger “Jerome” on the price of oil because of his track record. Yet truly, I have no idea if Jerome is a he, or if the alias Jerome is “his” real name.
If I need more trust in a transaction I look for “attestation” by a trusted organization. The DMV has attested that I can drive. Fair Isaac has attested that I pay my bills with a confidence level above 750 out of 800. As a society we hope that both the DMV and FICO have a reliable process that leads to predictable results.
But it’s important to differentiate between the narrow aspect of identity they validate (attestation) and the identity itself. If the DMV says I can drive, what difference does it make if my last name is unpronounceable and Greek-sounding? As long as the fact that I am licensed to drive can be securely associated with my person, then my name, address and all that other info is irrelevant. Worse, it is a liability, because every time I pull out an ID that is “comprehensive” I reveal far more than necessary for a specific transaction.
