Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - May 13, 2008

By Mike Rothman
Created 2008-05-13 10:21
Today's Daily Incite

May 13, 2008 - Volume 3, #46

Good Morning:
I had a strange vision/nightmare recently. I wasn't sleeping, so I guess it's not a nightmare, but it was certainly strange. Let me explain. For a while I've been wondering about the impact of the constant din of advertising that we are subjected to. The research shows each individual is bombarded with thousands of brand images every day. I'm not so worried about me, since I can compartmentalize and ignore most of the stuff I'm not interested in.

I worry about my kids. They are still innocent. They don't understand about how big time marketers play with their emotions to get them to buy things. They haven't realized that material possessions are just things and they can't make you happy. They are like clay and that clay is increasingly being molded by folks at the Disney Channel and Nickelodeon and the folks that run commercials on those networks.

And it's scaring the crap out of me. I worry we are growing a robot army that just numbly walks from one store to the other and waits for the Wall Street big brains to figure out some new derivative to pay for it all.

As a case in point, we just got our new health insurance cards. Normally that's kind of ho-hum, but the new cards were sitting on the counter and Leah (my oldest) picks them up and says, "Dad, what are these?" 

Never missing an opportunity to explain something, I was all ready to launch into a dialog about insurance and paying for the doctors and healthcare and all sorts of other stuff she doesn't care about. But barely after I got the word insurance out, she blurts "Oh, you mean like Progressive..." Oh crap. Did she just regurgitate the brand of an auto insurer back to me?

Yes, she did. My first reaction was "you watch too much TV." Which, by the way, would be the right reaction. But here's the rub. They actually learn a lot from TV (and the Internet) as well. They are taken to places I never got exposed to as a youngster. They are given lessons I had to learn the hard way when Dora or even Hannah Montana get caught up in some trumped up situation that actually delivers a decent message about wrong and right and treating people well.

So I'm torn. Part of me wants to just put them in a bubble and protect them from all the evil marketers out there that equate stuff to happiness. The other part of me knows that this is the world we live in, and I need to accept that and focus on helping them learn to compartmentalize and basically ignore all the branding and figure out what is important for them.

And I'm sure I'll be fighting this battle countless times over the next 15 years as the kids grow and then eventually leave the nest. Have a great day.

I've got all day meetings for the next two days, so the next TDI will be on Friday AM.

Photo: "Robots! Ready your breakfast and eat hearty... For tonight, we dine in Silicon Valley!" originally uploaded by tyreseus [1]


Top Security News

Greg Shipley's analogy in this seminal InformationWeek manifesto [10]. OK, maybe not a manifesto, but Greg does rant a bit about how most of us are doing security wrong and I like the messages. Of course, that they echo a lot of points I've been making is a bonus. Greg talks about providing a risk context to what it is we do, but also reminds us that risk needs to be IN CONTEXT of the business. The insurance guys have a different idea of risk than someone in high tech. And that's really the point, technology is technology and it's much easier for technologists to throw technology at the problem. But does it address the root cause of the issue? That's how security folks need to start thinking about our jobs. It's convenient if tactical technology alleviates a potential problem, but does it eliminate the risk? Greg also shows an interesting chart [11] about how security technologies have evolved and merged over time. Which again makes the point that technology comes and goes, and our problems always seem to persist. So let's start focusing on the problems and then get an idea about how to address the root cause of our problems.

Dark Reading about a Web 2.0 security session at Interop [13] and kind of laugh when one of the panelists says: "We're now in a situation where we have to monitor what our employees are doing all day long." You mean you didn't have to do that before? Or you just ignored that requirement? Security monitoring and the need to REACT FASTER are not new. We just didn't do those things very well before and now if we don't get a better handle on things, then it's going to be very hard to keep our heads above water. But if this new buzzword gets folks doing things they should have been doing for a long time, I'm good with it.

this NetworkWorld piece [15] and I was right. I guess those remnants from your address being spoofed are called backscatter. So what do you do? Basically ignore it. I guess you could change your email address, but that's a pain in the butt. You can turn off out-of-office messages and also have your mail server just drop bad address messages (as opposed to sending a notification). You can't stop the backscatter, but you can minimize your part in contributing to the problem.
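The two mitigations above, modelled as an added example (not from the original post or the NetworkWorld piece): a toy receiving server handles a spam run with a forged sender, and the count of messages reaching the spoofed address is compared across settings. All addresses, mailbox names and function names are constructed for illustration.

```python
"""Toy model of how a receiving mail server contributes to backscatter."""
from dataclasses import dataclass

# Constructed sample data: local mailboxes and who has out-of-office enabled.
MAILBOXES = {"alice@example.com", "bob@example.com"}
OUT_OF_OFFICE = {"bob@example.com"}

@dataclass(frozen=True)
class Inbound:
    envelope_from: str            # MAIL FROM; trivially forged by a spammer
    rcpt_to: str                  # RCPT TO
    auto_submitted: bool = False  # message is itself automated (e.g. a bounce)

# Constructed spam run that forges victim@example.org as the sender.
SPAM_RUN = [
    Inbound("victim@example.org", "nosuchuser@example.com"),
    Inbound("victim@example.org", "sales1@example.com"),
    Inbound("victim@example.org", "bob@example.com"),
    Inbound("victim@example.org", "alice@example.com"),
    Inbound("", "bob@example.com", auto_submitted=True),  # someone else's bounce
]

def generated_mail(msg, bounce_unknown, allow_auto_reply):
    """Return the (kind, recipient) messages this server would send for msg."""
    if msg.rcpt_to not in MAILBOXES:
        # Unknown address: either notify the claimed sender or drop silently.
        if bounce_unknown and msg.envelope_from:
            return [("bounce", msg.envelope_from)]
        return []
    if (allow_auto_reply and msg.rcpt_to in OUT_OF_OFFICE
            and msg.envelope_from and not msg.auto_submitted):
        # Null senders and automated mail are skipped; forged spam still passes.
        return [("out-of-office", msg.envelope_from)]
    return []

def backscatter_to(victim, batch, bounce_unknown, allow_auto_reply):
    """Kinds of generated messages that land in the forged sender's inbox."""
    sent = []
    for msg in batch:
        sent += generated_mail(msg, bounce_unknown, allow_auto_reply)
    return [kind for kind, to in sent if to == victim]

if __name__ == "__main__":
    for bounce, ooo in [(True, True), (False, True), (False, False)]:
        hits = backscatter_to("victim@example.org", SPAM_RUN, bounce, ooo)
        print(f"bounce_unknown={bounce} auto_reply={ooo} -> {hits}")
```

The auto-reply guard only filters automated mail and null senders, so forged spam addressed to a real mailbox still triggers a reply until out-of-office is switched off.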

The Laundry List

  1. Take that IBM. HP sees the services business and raises $12 billion to acquire EDS. The big sure do get bigger. - HP release [17]
  2. Check Point ships the ZoneAlarm ForceField. Will customers pay another $30 for yet another widget? Probably not, but this could be a differentiator for the entire ZoneAlarm suite. - Check Point release [18]
  3. FireEye gets another $14 million to go through another of their 9 lives. What are they on, 3 or 4 at this point? I guess bots are the future. Uh huh. - FireEye release [19]
  4. Cenzic shows us what we already know, which is that the software we use the most continues to have lots of vulnerabilities. - Cenzic release [20]

Top Blog Postings

http://communities.intel.com/openport/blogs/it/2008/05/08/are-security-roi-figures-meaningless [21]

http://techdulla.wordpress.com/2008/05/13/the-new-guy-is-here/ [23]

http://infosecplace.com/blog/2008/05/02/product-maturation-and-your-business/ [25]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-may-13-2008