April 2010 Archives

I'm on the verge of deleting my Facebook account because of the utter lack of respect they give users who don't want all their information spewed about. The approach Facebook uses reflects an outmoded mindset that says "if you shared your information once, then clearly you've implicitly declared it public knowledge." Case in point: if you're a fan of a given page, other users can see your name listed as a fan, and thus Facebook considers this information to be "public" and will publish it in search results, among other things. Of course, there's still a difference between the Facebook populace and the Internet at large, so I somewhat question how "public" that disclosure might be. Incidentally, Facebook has not provided a reasonable facility (that I can find) that allows you to easily manage all the pages you're a fan of, meaning cleanup of publicly exposed information is a challenge. But I digress...

Following are a few quick suggestions for helping reduce the "public" exposure of your Facebook information, both inside and outside of Facebook.

The Undervaluation of Writing

I recently contributed to a curriculum development project for a for-profit tech school. Having previously taught a course for the school, I had a reasonable idea about some of the challenges this type of environment contained. In many ways I think of them as the fast-food equivalent of a tech school, focused on training more than education, and really only doing the minimum necessary (despite assertions to the contrary).

One of the key skill deficiencies I noticed while teaching was the quality of their writing. Quite simply, these students did not generally write much of anything, and when they did write, it was usually all short-hand, lacking structure and clarity. For someone working in the industry these students hoped to join, I found this issue a bit concerning. It's not that I expect everyone to be able to write the next great American novel, but I do think it's reasonable to expect distinct clarity in professional writing and communication.

Quick Poll On Long-Term Value

I Am InfoSec, and So Can You

I've been following, with some amusement, the recent small burst of blogging on how to get into infosec. I find it somewhat amusing for a number of reasons, not the least of which is that it reminds me of any number of "lightbulb" jokes (How many general relativists does it take to change a light bulb? Answer: Two. One to hold the bulb while the other rotates the universe.). Why does it amuse me so? Well, for one thing, there's no real defined path into this industry. For another, there are still lots of grey areas with respect to roles and responsibilities. That being said, here are some of my quick hit thoughts.

SAS 70 and the Lies Auditors Tell

If you've been in the infosec industry for very long at all, then you've probably run across auditors (either internal or external). In fact, if you've been in the industry for a while, then there's a good chance you've been an auditor. Regardless of your history with or view of auditors and audits, it is indisputable that audits are here, have been here for a while, and probably aren't going anywhere any time soon.

This little rant today - and make no mistake, it is a rant - is focused on that famous little audit standard known as SAS 70, or "Statement on Auditing Standards No. 70: Service Organizations" in long-hand (full text here). I've chosen the SAS 70 as an example because it is very prevalent in the industry, generally overused, and typically afforded far more weight than is really healthy or important. Specifically, the SAS 70 is so ubiquitous that one might think it was one of the most valuable tools in the world, while nothing could be further from the truth.

