Comments
JohnBarnes
10/24/2017 2:54:34 PM
User Rank
Platinum
Maybe take a cue from Richard Thaler
Richard Thaler, who recently won the Somewhat Bogus But Still Respectable Nobel Prize in Economics, pioneered the economic implications of the idea that small incentives could be built into systems where voluntary compliance was important -- the things he likes to call "nudges." Seems to me that the eternal human problem that Ray Watson talks about here -- getting people to change passwords and choose good ones, not to provide access for other people who might not be supposed to have it, not writing down security information in insecure locations -- is exactly the situation for which Thaler's nudges are appropriate. Yet many security folk, all the way from the guy on the floor to the guy in the C suite, tend to think of security as "making" or "forcing" the user to do something added and inconvenient. There's a fertile field out there for seeing what might be done to make security enhancements the convenient, easy thing to do.

Simple example: around the world many intelligence agencies have a single font for a whole building (which drives quite a few people crazy, admittedly, since they feel their individuality is eroded if everyone must use Times New Roman). They also have no unsecure wastebaskets and required turn-in dates for manuals (even if the manual is just a printout of a widely publicly available text). The result is that their valuable secure documents go into the shredder with tons of low-value public documents -- and anyone trying to pick through the shredded paper will have to sort out the top secret menu from the PowerPoint manual, the notes from HR about meeting the United Way goal, and the letter outlining the new rules for coffee club. No special policy of "always print random documents to add to the mix" and "make random documents resemble regular text in an appropriate language" and so on. Just, the way the office runs, doing what comes naturally supplies all that chaff for increased security.

JohnBarnes
10/24/2017 2:34:13 PM
User Rank
Platinum
One of the few pieces I've seen that focuses on operations
Most of the security articles out there are about tactics -- changing passwords often, tracking former employees, where to put checkpoints, which of the various attacks and exploits are most likely to hit a given industry, etc. Almost all of the remainder are about strategy: the quest for the naturally secure architecture, emerging kinds of threat organizations, broad categories of new kinds of attacks, etc.

But between strategy and tactics lies operations -- how to support the tactics so that the strategy gets carried out -- and this is generally a very neglected area.  It's good to see Ray Watson's broad systematic thinking about operational issues like how much should be inside any one barrier (and the tradeoff between ease/frequency of successful attacks versus cost/damage); centralization and rapid update of credentials; defending against long-term penetration versus smash-and-grab (I would call it subversion versus raiding); and the separation of IoT from SDN/NFV for the foreseeable future.  Those are operational kinds of definitions. 

Great pair of articles. Would love to hear more from Ray Watson.

clrmoney
10/24/2017 2:20:31 PM
User Rank
Platinum
Security Needs Human Touch
I think that they should do that because the virtual online is taken over by machines. We do need more humans doing security so you know it will be more accurate in a way like recruiting software that most companies have to sift through candidates to find the best person for the position, but I think it is wrong because they miss out on a lot of great people more than qualified to do the simplest work.

Copyright © 2024 Light Reading, part of Informa Tech, a division of Informa PLC. All rights reserved.