* Posts by Des Ward

2 publicly visible posts • joined 24 Feb 2009

US govt can't stop Microsoft taking its Irish email seizure fight to the Supreme Court

Des Ward

Bit moot, Outlook for iOS stores the emails in the US

All of this is a bit moot, when Outlook for iOS and Android caches your emails in the US. Look at https://www.acompli.com/privacy-policy/

Which states:

Finally, we may access, disclose and preserve your personal information, including your private content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to...

Game over until they move the storage to the EU. They have been very quiet on this one, and I've been asking on Twitter.

Making IT security matter

Des Ward

A voice of reason

This is one article that every security professional should read. The reason why security legislation and regulation fails to gain traction is a simple case of failing to understand how the business operates.

We talk about security as a separate activity, but this leads to it being seen as a cancer on business performance, with it eventually encroaching on every activity until it impairs the performance of the business.

Take ISO-27001:2005 for example: it mandates the creation of an Information Security Management System which can (if implemented properly) be used to manage all types of risk (Credit, Health and Safety, Financial etc.) but it rarely does. The PCI-DSS is another example where people are employed (what does a Business Analyst actually provide over a good consultant BTW?) just to understand what the business does, because the security professionals aren't perceived to be able to. PCI-DSS projects in particular therefore become focussed on the technology rather than the management of risk surrounding payment card information.

We need to throw the technical-focussed perception off ourselves, and free our minds to actually look towards understanding and supporting business objectives and processes to define appropriate security mechanisms that support the management of risk within the organisation.

The main problem is that all of this is intangible and requires time and effort which many companies don't see the benefit in expending, but the fact is that this is the reason why the credit crunch has happened and we need to use lessons learned to create a new perception about the usefulness of corporate governance.