Friday Apr 27, 2012

Titanic Catastrophe: Compliant Doesn’t Mean Secure

April 15th marked the 100th anniversary of the sinking of the RMS Titanic - by any measure a catastrophe of epic proportions. As we think about lessons collectively learned from this event, may I suggest a nugget worth remembering that has little to do with sinking ships, but a lot to do with the enterprise we serve today? According to a recent ABC article:
... the Titanic was fully compliant with all marine laws. The British Board of Trade required all vessels above 10,000 tonnes to carry sixteen lifeboats. The White Star Line ensured that the Titanic exceeded the requirements by four boats.
But we all know that twenty lifeboats were not nearly enough for this ship.  The article continues:
But the ship was 46,328 tonnes. The Board of Trade hadn't updated its regulations for nearly 20 years. ... The lifeboat regulations were written for a different era and enforced unthinkingly.
"Enforced unthinkingly." Therein lies our little lesson. In the discipline of information security, we may be tempted to think that "compliant" means secure. But we must not accept that at face value. We must really understand what regulations mean and how they apply to our enterprises. PCI DSS or HIPAA compliance may go part way, but do they really go far enough to protect the vital information that is the lifeblood of our businesses? Let's make sure we have adequate "lifeboats" and not rely completely on those who write regulations to protect our businesses.

Wednesday Oct 15, 2008

LinkedIn Identity

This morning, my colleague Hubert Le Van Gong drew my attention to the Liberty Alliance group on LinkedIn. It is great to see an expanding number of Identity Management groups available on LinkedIn.  I currently belong to these LinkedIn groups which are focused on Identity Management or Information Security topics:






Thursday Sep 18, 2008

Explosion on Aisle 3

If sometime my brain explodes due to information overload from cyberspace (or from the pointy-haired boss), please send a cleaning crew to mop it up.



About

Discovering Identity was founded on blogs.sun.com in May 2005 as a means of documenting my exploration of the field of Identity and Access Management. In February, 2010, I switched to hosting the blog at DiscoveringIdentity.com. In March 2012, I began posting Oracle-related information in both places.

Thanks for stopping by.

Please connect with me in cyberspace at LinkedIn or Twitter.


The views expressed on this blog are my own and do not necessarily reflect the views of my employer, Oracle Corporation, or any other person or organization.
