Pragmatic Cybersecurity unpublished

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

The new kid on the block - COIN

As security professionals, you can be forgiven for thinking that we are fighting a losing battle. We have come a long way from being tarred with the “black art” brush, with highly acclaimed credentials in the extensive use of smoke and mirrors, to a little glimmer in some areas of being “listened to” by the business. This has been in no small part due to the number of high-profile security breaches of very sensitive information that threaten to destabilise governments and the financial standing of some corporate organisations. Has the life of the security professional become easier because of this? Are we any more understood now than we were 10 years ago? To the astute, the answer will be a resounding no!
 
It’s not at all ill-conceived to suggest that trends in the consumer space will influence new ways of working within the enterprise. So, from the biometric frailties of the iPhone TouchID to privacy concerns with the Internet of Things, these are all new trends that we will need to cope with; with history to rely on, it would be folly to think that there will be no new concerns. There are likely to be new attack vectors that you need to understand and protect against, as both individuals and corporations. Not too long ago we gasped at the sacrilege of contemplating Near Field Communication (NFC) technology integrated with credit cards, but that’s now mainstream.

Consider the new kid on the block: COIN. This technology is set to revolutionise the way we use credit cards, loyalty cards, etc.: have them all on one card! Now that’s a novel idea. Why didn’t someone think of that before? Is it insane to suggest that compromising the ‘all-in-one’ card won’t threaten to compromise every card associated with it? Even your typical consumer will balk at the thought of managing all their cards through one device; however, it’s convenient, and if it’s good enough for Johnny then it must be fine.

So what’s the message to the business? Mad panic, and threaten them with fire and brimstone if they implement it? Well, that’s worked in the last 10 or so years, and they have clearly listened… On a serious note, we are now a lot more mature in our approach to risk management, and so we need to go back to the fundamental tenets of security and explain the risk. Not in our old mumbo-jumbo language that nobody understood: we need to learn to think, talk and act like those we serve, to ensure that our message is clear and understood. As a guide, if your sentence starts with “128-bit encryption” you’re off to a bad start. For a number of reasons…
 

About the author

Ian Cole
Ian has been employed with Capgemini since 2006 and during this period has been assigned to a number of public and private sector projects within various market sectors. Ian’s security interests are in information assurance and protective security; he also has a penchant for deciphering security-speak into simple English targeted at CxO level. Ian is a Security Cleared consultant with over 15 years’ experience in information security. He has an MSc in IT Security and is a member of CESG’s Listed Advisor Scheme (CLAS), an Associate Member of the Institute of Information Security Professionals (IISP), a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA) and an ISO 27001 Lead Auditor.
