Dan Geer on Trade-Offs in Cyber Security



A speech by cyber security expert Dan Geer

If you haven't caught this speech by security luminary Dan Geer over on the Schneier on Security blog, read "Trade-offs in Cyber Security," which is also available in its entirety here: http://geer.tinho.net/geer.uncc.9x13.txt.

Dan was Chief Scientist at Verdasys and has been a long-time friend and consultant to the company. His group at MIT ran the development arm of Project Athena, where staff on his watch pioneered Kerberos, the X Window System and much of what we take for granted in distributed computing. Dan serves as Chief Information Security Officer at In-Q-Tel, and he writes, speaks and generally reminds us how important intellectual property protection is in companies "that don't accept half measures" when it comes to data protection. We recognize his apt description of what we strive to do here at Verdasys:

"I previously worked for a data protection company. Our product was, and I believe still is, the most thorough on the market. By "thorough" I mean the dictionary definition, "careful about doing something in an accurate and exact way." To this end, installing our product instrumented every system call on the target machine. Data did not and could not move in any sense of the word "move" without detection. Every data operation was caught and monitored. It was total surveillance data protection. Its customers were companies that don't accept half-measures. What made this product stick out was that very thoroughness, but here is the point: unless you fully instrument your data handling, it is not possible for you to say what did not happen. With total surveillance, and total surveillance alone, it is possible to treat the absence of evidence as the evidence of absence. Only when you know everything that *did* happen with your data can you say what did *not* happen with your data."

Dan wrote a great piece here on this blog about how companies that are building their future on intellectual property can afford protection sufficient to protect their IP through managed services.

Mike Parrella
