The Way from Data to Information

Data Mining


Data Mining: Blog Feed Post

Don’t Say a Word

#17 out of 26 Short Topics about Security

This will probably be a short post since there are not that many security terms that begin with the 17th letter of our alphabet.  However, keeping Quiet is a common theme in security.

As mentioned numerous times, locking passwords, logins, and other sensitive information in your mouth vault keeps them from leaking to others.  Social Engineering has always been about compromising that vault.  Recently there was a post by Roger Thompson, AVG’s Chief Research Officer, which actually suggested that you Write Down your passwords, especially complex, hard-to-remember passwords.

While this practice has been frowned upon for many years – as in the ever-popular Post-its stuck to laptops – there is some sense in creating (and writing down) difficult passwords that are extremely hard to guess.  Just put that paper in a safe location.  Our own Alan Murphy offered some advice about passwords just a few months ago.

Keeping Quiet is also what most companies do when they discover a breach, at least initially.  A survey from the 2008 RSA conference showed that 89% of security incidents go unreported.  More often it’s the insider breaches that stay under the covers.  Some of that could be due to breaches simply going undetected, but many companies don’t want the public exposure of a breach.  Laws have changed some of that, and huge breaches, like the Heartland incident, must be reported so people can protect themselves.

Even the Heartland incident wasn’t detected for a couple months, and when it was, it didn’t get reported for yet another month.  Granted, sometimes law enforcement does ask victims not to say anything so evidence can be gathered and so as not to tip off the crooks.  In any event, keeping quiet about a breach happens more often than you think, and it’s often due to the fear of a damaged reputation.  Of course, there is an opposing view on the damage factor from Larry Walsh, who talks about the multitude of brands that have suffered major breaches and how consumers have either forgotten or forgiven.

While silence can be golden and rests are written into music for effect, when it comes to Data Breaches, not saying a word can put your business in jeopardy and in the cross-hairs of the law.

ps


More Stories By Peter Silva

Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

With his Telco background, he moved to Verio to focus on access and IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact, so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicagoland area, working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
