September 2012 Archives

I had the opportunity yesterday to visit and speak at the ISC2 Security Congress 2012 in Philadelphia, co-located with the ASIS International Conference. Since this was only the 2nd ISC2 Congress, and my first visit to it, I thought that I'd post a few quick notes.

It's an election year, so it only seems right to put forward my own ideas on how to improve our world. ;) Actually, rather than talking about theoretical ideas, I thought it would be nice to put those ideas into specific suggestions. In this case, two of them would be legislative actions, while the third would require card brands to revise their contractual agreements from top to bottom.

Incidentally, the underlying theory is this: rather than mandating specific detailed practices (as the now-dead Cybersecurity Act of 2012 threatened to do, and as Pres. Obama has threatened to enact via executive order), I think instead it makes sense to allow the market to optimize for revised performance and/or behavior requirements. The reason I prefer this approach is that we're still in a rapidly changing and transitional period in time. Until this round of technological growth and evolution slows down and stabilizes, it's short-sighted and irresponsible to codify too many specific actions or behaviors (e.g., imagine trying to codify each of Microsoft's server security guides as law... by the time you get it ratified, it's likely obsoleted by a new OS release, not to mention that it would inevitably stifle innovation). Thus, you change the overall business environment dynamics and let the market sort itself out. Or so the theory goes.

About this Archive

This page is an archive of entries from September 2012 listed from newest to oldest.