It’s that time of year. We can sit back on cold near-winter nights in front of a fire with a pipe in hand, rocking back in a comfy chair and muse. Yup, it’s a time this week for discussions in information security!
Hoff has been talking about valuing information security, always a passionate subject for everyone, and one without a clear (or even muddy!) answer. He’s also talking about security and disruptive innovation. Good stuff to read! Oh, and while you read what he has to say, try to convince him to change back to “Rational Security.” I tried to register rationalsurvivability.typepad.com but wasn’t willing to pay the initial fee…doh! There isn’t even a category on his site for surviability! Fad! Fad! I predict he’ll quietly revert back after the start of the year. 😉
It really felt like Bejtlich was gearing up for some revelatory posts, and he pushed one out in talking about how controls are not the solution. Instead, look at the outputs.
And Mogull had a nice comment in a recent post of his, “While the encryption market isn’t nearly as big as most of the world wants you to believe…”. I agree. I think many are waiting for this “market” to turn into the inevitable fea…no, it won’t be a “feature,” it’ll eventually be standard and just accepted. For now, HDE/FDE is still difficult to manage across an enterprise, wrought with frustrations, and managers would rather see less mobile devices anyway. Why protect the laptops we really dislike deploying? Just deploy less! And so on…