What Have You Changed Your Mind About? Why?
by Nitesh Dhanjani
However, I think some people in corporate security take this argument too far and end up awarding critical roles to individuals who do not have the appropriate skill-set and mind-set. More often than not, this happens when organizations responsible for information security misunderstand the argument to mean that you only need to probe for an understanding of business fundamentals and process management when recruiting for talent. Depending upon the criticality of the role awarded, this can spell disaster.
All security problems are trust problems. All trust problems are people problems. Therefore, all security problems are people problems.
Excellent article, and very true.
It takes a certain kind of person to work in security, one who is constantly questioning. I used to be known at my previous job as a bit of a know-it-all, but whenever someone fixed something in a way I hadn't thought of I asked to be shown how. I don't think a day goes by when I don't change my mind or have it changed for me on something, whether it be IT related or simply personal belief.
IT Security is an ever changing field, and that is part of what attracts me.
On to your other topic, PII: fortunately in Australia at the moment we don't have a SSN; about the closest thing would be either a Medicare number (public health system) or Tax File Number (TFN). My employer doesn't have my Medicare number, but they have to have my TFN. Really, if anyone knew it, the worst they could do would be to get a job as me and pay tax on that job... they would be found out when I do my tax return, and then no harm done.
That being said I am not going to post them online, nor would I tell just anyone them.
I think we need to start getting smart cards with little LCDs that spit out a hash of our PII (like SSN and TFN) salted with the time and date; then we put this hash and the time and date on the form (something like RSA tokens). Then no-one ever knows your number, just a single-use hash.
If that hash is ever used again it is blocked, problem solved... till someone makes a rainbow table or reverse engineers the algorithm.
Yeah, maybe separate numbers are the winner.
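The single-use, time-salted token scheme proposed in the comment above, as an added example (not the commenter's or the author's code): a simulated card emits a hash of the number and the time/date, and the verifier blocks any hash presented twice. The hash is keyed with a per-card secret, as an RSA-style token is, which is what closes the rainbow-table concern the comment raises over the small space of possible numbers. The holder id, card secret, sample number and 30-minute validity window are constructed for the example.

```python
import hmac
import hashlib
from datetime import datetime, timedelta, timezone

STAMP_FMT = "%Y-%m-%dT%H:%M"  # the time and date written on the form next to the hash

def make_token(secret: bytes, number: str, stamp: str) -> str:
    """Single-use token: keyed hash of the PII number salted with time and date.
    Without the per-card key, anyone could tabulate every possible number for a
    given date and read the number back off the form."""
    msg = f"{number}|{stamp}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]

class Card:
    """Simulated smart card with a display: the number itself never leaves it."""
    def __init__(self, number: str, secret: bytes):
        self.number = number
        self.secret = secret
    def issue(self, when: datetime):
        stamp = when.strftime(STAMP_FMT)
        return make_token(self.secret, self.number, stamp), stamp

class Verifier:
    """Relying party: holds the enrolled number and card secret per holder, plus a
    ledger of accepted tokens so the same hash is rejected if it is ever reused."""
    def __init__(self, window: timedelta = timedelta(minutes=30)):
        self.enrolled = {}   # holder id -> (number, card secret)
        self.used = set()    # (holder id, token) pairs already accepted
        self.window = window
    def enroll(self, holder_id: str, card: Card) -> None:
        self.enrolled[holder_id] = (card.number, card.secret)
    def verify(self, holder_id: str, token: str, stamp: str, now: datetime) -> str:
        if holder_id not in self.enrolled:
            return "unknown holder"
        issued = datetime.strptime(stamp, STAMP_FMT).replace(tzinfo=timezone.utc)
        if not (timedelta(0) <= now - issued <= self.window):
            return "expired"      # stale or future-dated form
        number, secret = self.enrolled[holder_id]
        expected = make_token(secret, number, stamp)
        if not hmac.compare_digest(expected, token):
            return "bad token"
        if (holder_id, token) in self.used:
            return "replayed"     # same hash presented again: blocked
        self.used.add((holder_id, token))
        return "ok"

if __name__ == "__main__":
    card = Card("123-45-6789", b"\x01" * 32)   # constructed sample number and secret
    v = Verifier()
    v.enroll("alice", card)
    t0 = datetime(2008, 1, 15, 9, 0, tzinfo=timezone.utc)
    tok, stamp = card.issue(t0)
    print(v.verify("alice", tok, stamp, t0), v.verify("alice", tok, stamp, t0))
```

Because the time and date are part of the hashed message, two forms filled in a minute apart carry different hashes, so a stolen form is useless outside its window and useless a second time inside it.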