http://blogs.technet.com/b/steriley/archive/2006/03/13/it_2700_s-time-to-stop-playing-war-games-in-the-name-of-_2200_security_2200_.aspxReally interesting article. Military mindset no longer applicable in our line of work http://searchsecurity.techtarget.com/columnItem/0,294698,sid14_gci1171862,00.html My favorite bit: "Obviously, secrecy is important to business, as is the abilityen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/steriley/archive/2006/03/13/it_2700_s-time-to-stop-playing-war-games-in-the-name-of-_2200_security_2200_.aspx#422685Tue, 21 Mar 2006 22:25:12 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:422685Jesper's BlogI have been working on hardening guidance for almost 10 years. The first few I worked on were essentially...<img src="http://blogs.technet.com/aggbug.aspx?PostID=422685" width="1" height="1">http://blogs.technet.com/b/steriley/archive/2006/03/13/it_2700_s-time-to-stop-playing-war-games-in-the-name-of-_2200_security_2200_.aspx#422272Fri, 17 Mar 2006 01:17:24 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:422272Alun JonesI thought I was going to come across as a frothing loon if I said that out loud - it's something I've been saying for quite some time, though. <br> <br>My data is my data, and I may allow you to borrow it so that you can do business on my behalf, but unless there's a legislatively mandated requirement that you have access to my data, I should be able to decide who gets to borrow it or not. <br> <br>If there _is_ a mandated requirement for you to have my data, or I have allowed you access to it, there should be a process for me to inspect, and correct, any factual data you carry that describes me. <br> <br>European data protection laws have had this right from early days. &nbsp;In school, I went to a day of the committee readings of the Data Protection Act in the House of Commons, and was thoroughly expected to be disgusted (as a know-it-all teenager); I came away impressed by the fact that our politicians seemed to understand the basics of what they were discussing. <br> <br>It's not without its faults, granted, but the rights ascribed to data subjects are unparalleled by anything here in the United States.<div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=422272" width="1" height="1">http://blogs.technet.com/b/steriley/archive/2006/03/13/it_2700_s-time-to-stop-playing-war-games-in-the-name-of-_2200_security_2200_.aspx#422061Wed, 15 Mar 2006 10:04:10 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:422061TechNet ArchiveTrue, but that's not directly related to the point the article was making. This is more of a data ownership issue, and until we have regulations in this country that: <br> <br>* specifically define the subject of the information to be the information's owner <br> <br>* place financial risk of disclosure on the collectors of that information <br> <br>We won't solve the problems. Right now, you don't own the information collected about you, and the people who collect it have no financial incentive to protect it -- they don't usually pay in the event of exposure. <br> <br>We as a society must fix these two problems first.<div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=422061" width="1" height="1">http://blogs.technet.com/b/steriley/archive/2006/03/13/it_2700_s-time-to-stop-playing-war-games-in-the-name-of-_2200_security_2200_.aspx#422028Wed, 15 Mar 2006 00:31:40 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:422028Alun JonesI don't think the business mind-set really always helps all that much, either, sadly. <br> <br>The most glaring examples are the &quot;your data is now ours, and we can sell it to whomever&quot; issues that have been plaguing various credit card processing companies for some time. <br><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=422028" width="1" height="1">