BlogInfoSec.com

As the author notes, this email was a response to my post, Be honest: What’s the value of that data you’re protecting? I find discussion of his 5th point severely underrepresented in our industry. It is something we in the information security field should expand upon.

Ken,

I just finished reading your post of March 19, 2007, “Be honest: What’s the value of that data you’re protecting?” I think this is what you meant in your email of a few days ago. Interesting. Makes me recall things:

(1) Years ago, during the (first?) war called cold, it was suggested we give all of our data to the adversarial state and simply not tell what was important and what was not. The idea was that they would go into a state of paralysis trying to learn what was worthwhile. I suppose pieces of the data could have be salted with this or that to muddy the waters; some folks at some agency or other were (still are?) wont to so do.

(2) A company I had dealings with was always referring to something called “living documents” (maybe the expression has been used elsewhere) and so I suppose that once a document was “dead” (i.e., once it went – perhaps a day earlier, perhaps a year earlier – into a state of no longer being updated [maybe it's now become an orphan!]), one could still be unsure of whether the data in the “dead” document was harmless or potentially toxic. Re the “dead” documents I found in my travels: hopefully data therein cannot hurt anyone any more were they to be found on, say, a bus seat; data (on paper, on drives, in memory) destruction is a fascinating subject (for example, see Peter Gutmann as well as Dan Farmer and Wietse Venema).

(3) Someone (Don Parker?) said that data is to information as iron is to steel.

(4) One could leave one’s social on a bus but what utility would that have to the finder if she could make no link to the person assigned the social. A New York newspaper once known to some as the paper of record had an interesting graphic some time showing links between planes and dummy organizations and real people. The link data was obtainable through open sources; as I recall the planes could be noted here and there to be doing something that has been euphemistically called rendition. I suppose someone was asleep at the switch because the utility of this information could one day bear great dividends. Or maybe not but you know what I mean.

(5) One area I found fascinating was all the data sloshing in outsourced offshored lands but I refrain from being specific. (USA –> country X which then lets country Y have a copy but no one in the good old USA has a clue about country Y).

(6) If you want an example of dangerous data of utility perhaps mcphee’s book the curve of binding energy was once a shining (no pun intended) example.

Popularity: 2%

Bookmark this post

•Sphere: Related Content•

Popularity: 2%

•  Print

Related Articles:

• Spiteful Employee destroys $2.5 Million worth of data, data recovered
• Equifax: We Corrected Your Info, Here’s Who Submits Your Info
• Be honest: What’s the value of that data you’re protecting?
• Moderated at United Nations on Technology Based Violence
• Speaking Recommendation from American Banker Conference