Contributors   |   Messages   |   Polls   |   Resources   |  
Comments
Newest First | Oldest First | Threaded View
Page 1 / 2   >   >>
dlr5288
dlr5288
10/31/2017 8:15:42 PM
User Rank
Platinum
Re: Masery's Watson
Definitely agree. I get why they’re doing it. However, sometimes it will take me a few tries to remember my own! That’s why I try staying logged in most of the time.

50%
50%
dchampagne70
dchampagne70
10/30/2017 11:03:39 AM
User Rank
Silver
Masery's Watson
I agree that secuity always have to have the human touch to it.  I just don't know if it's a 100% good choice.  Well I think  part of the reason why many companies impose so many requirements on passwords (mixed capitals and lowercase, special characters, numbers, narrow length requirments, etc): it makes it hard to remember and type the password.  

50%
50%
srufolo1
srufolo1
10/26/2017 9:34:11 AM
User Rank
Platinum
Re: Masergy's Watson
@elizabethv  A disgruntled employee can do a lot of damage. For data of a huge listing or report to be published just weeks before all the data is destroyed and to start over is a big deal. It doesn't matter what the hacker is going after, either to create havoc or to steal credit card info or social security numbers.

50%
50%
elizabethv
elizabethv
10/26/2017 8:05:36 AM
User Rank
Platinum
Re: Masergy's Watson
@srufolo1 - my company recently had a data breach - my understanding is that it came through our email system. It was caught right away and handled, and we are a small company, so it wasn't newsworthy in the slightest. But it never occurred to me that the offender might have some how been tied to an ex-employee. Nothing was said to me about how it might have happened, I'm just thinking at this point. Especially given that it really doesn't make sense to breach the data of my employer, given that we don't have stored credit card information (we don't do that kind of business) and we really are very small. So I have no idea what kind of information might have even been taken. An ex-employee seems to make the most sense. 

50%
50%
JohnBarnes
JohnBarnes
10/25/2017 2:34:38 PM
User Rank
Platinum
Re: Masergy's Watson
srufolo1,

Classic case for a nudge (as well as for what the data scientists call reproducible results) -- require all reports to be generated from scratch beginning with library calls to access company datasets, and to be transmitted as code that the supervisor runs on the same library of datasets. Makes it difficult to fake or pretty up the results, and nearly impossible for a disgruntled employee to do much damage. As a side benefit it also makes recovery after oopsies, and finding "that one cool result we got last March, or was it February?" much easier.

50%
50%
JohnBarnes
JohnBarnes
10/25/2017 2:27:06 PM
User Rank
Platinum
Re: Maybe take a cue from Richard Thaler
ElizabethV,  That's almost exactly the opposite of what Thaler meant by nudges; his research showed that monitoring and supervision are often the more expensive and less effective way of doing things.  A nudge is making the thing you want people to do the easiest thing to do, so that they tend to just do that. So rather than have someone whose specific job is to mix the high-security documents with chaff in the same fonts at the shredder, you just disable all but one font and shred all the wastepaper; now, rather than doing the right thing (sort of) because a compliance officer is watching them, employees do the right thing because anything else requires too much effort.

That's also part of the reason why many companies impose so many requirements on passwords (mixed capitals and lowercase, special characters, numbers, narrow length requirments, etc): it makes it hard to remember and type the password.  The people coming into the secure area will then mess up and/or forget frequently, and if you also block them from using previous passwords, they now have to change their passwords at frequent irregular intervals -- which is what you really want them to do.

The whole trick of a nudge is to avoid  supervision and monitoring, in favor of just making the desired behavior the easiest one.

50%
50%
srufolo1
srufolo1
10/25/2017 11:40:45 AM
User Rank
Platinum
Masergy's Watson
I agree that the human factor is what is the biggest security risk. Corporations need to stay on top of employees who have left, eliminate their passwords, watch what employees are doing at work on the computer. It's a huge task. Someday I hope they get it right. I remember one company I worked at there was a person who was working on a research project. When they left on bitter terms, they destroyed all the data and it had to be started from scratch. 

50%
50%
elizabethv
elizabethv
10/25/2017 8:29:09 AM
User Rank
Platinum
Re: Maybe take a cue from Richard Thaler
@John - first, I have to agree, only having the choice of Times New Roman would drive me up a wall too. I think the nudges are well combined with a theory I was taught by a work supervisor in my teens. 90% of people do what's right because there are practices in place that monitor them doing so. I have no idea where his statistic came from, or how accurate it is. I just know that's what he told me. So with that information, the nudges make sense. Even though we all know the basics for good security practices, sometimes a reminder that we need to "tow the line" so to speak, helps keep people on the right track. 

50%
50%
JohnBarnes
JohnBarnes
10/24/2017 4:22:13 PM
User Rank
Platinum
Re: One of the few pieces I've seen that focuses on operations
Joe, if nothing else there's a process rather similar to what happens when a crab sheds its shell (hint: guess why softshell crab is a delicacy!) or when the Little Pigs were running from the house of straw to the house of sticks to the house of bricks, i.e. even if at the end you're more secure, getting from Unacceptable to Much Better can involve being extra-vulnerable.

50%
50%
Joe Stanganelli
Joe Stanganelli
10/24/2017 2:57:01 PM
User Rank
Author
Re: One of the few pieces I've seen that focuses on operations
@John: Moreover, the practicalities of operations directly tie into strategy and tactics.

For instance, 94% of respondents in a recently published cloud-security study said that containerization results in less security.

Now, that may be technologically true -- and/or, rather, it may be operationally true as a matter of complexity, change management, etc.

Either way, however, it doesn't matter who or what you blame because the result (if these 94% are to be believed) is less security.

Ditto for any new technology. Any added complexity can lead to a negative -- even a net negative -- for security, even if it's a technology that's supposed to be technologically superior from a security perspective.

50%
50%
Page 1 / 2   >   >>


Latest Articles
Italy's 5G auction could exceed a government target of raising €2.5 billion ($2.9 billion) after attracting interest from companies outside the mobile market.
The emerging-markets operator is focusing on the humdrum business of connectivity and keeping quiet about some of its ill-fated 'digitalization' efforts.
Three UK has picked Huawei over existing radio access network suppliers Nokia and Samsung to build its 5G network.
Vendor says that it's its biggest 5G deal to date.
Verizon skates where the puck is going by waiting for standards-based 5G devices to launch its mobile service in 2019.
On-the-Air Thursdays Digital Audio
Orange has been one of the leading proponents of SDN and NFV. In this Telco Transformation radio show, Orange's John Isch provides some perspective on his company's NFV/SDN journey.
Special Huawei Video
10/16/2017
Huawei Network Transformation Seminar
The adoption of virtualization technology and cloud architectures by telecom network operators is now well underway but there is still a long way to go before the transition to an era of Network Functions Cloudification (NFC) is complete.
Video
The Small Cell Forum's CEO Sue Monahan says that small cells will be crucial for indoor 5G coverage, but challenges around business models, siting ...
People, strategy, a strong technology roadmap and new business processes are the key underpinnings of Telstra's digital transformation, COO Robyn ...
Eric Bozich, vice president of products and marketing at CenturyLink, talks about the challenges and opportunities of integrating Level 3 into ...
Epsilon's Mark Daley, director of digital strategy and business development, talks about digital transformation from a wholesale service provider ...
Bill Walker, CenturyLink's director of network architecture, shares his insights on why training isn't enough for IT employees and traditional ...
All Videos
Telco Transformation
About Us     Contact Us     Help     Register     Twitter     Facebook     RSS
Copyright © 2019 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with