Blogs > CSO Bloggers

Are we losing the battle? Or have we lost the war?

Matt Tett

Matt Tett is the Managing Director of Enex TestLab, an independent testing laboratory with over 22 years history and a heritage stemming from RMIT University. Matt holds the following security certifications in good standing CISSP, CISM, CSEPS and CISA. He is a long standing committee member of the Australian Information Security Association (AISA), Melbourne branch, and is also a member of the Information Systems Audit and Control Association (ISACA). Enex TestLab can be found at http://www.testlab.com.au blog at http://enextestlab.blogspot.com and can be found on twitter as @enextestlab.

I get around a lot, and I mean that in the nicest possible way. Over the decades there seems to have been a seismic change in the government and organisational view of operational security and exactly what the function and charter of that role entails.

There have been some rather large changes along the way, probably the largest two have been the concept of information (as opposed to data) and privacy (in the personal information sphere).

However what I have witnessed has been the move over the past five years or so from one of optimism (in that we can build secure systems, PGP is a good example, TOR another), to one of resignation (risk assessment and classification) and the mentality which goes along with that—of accepting there is a good chance that at some stage, the flag will be taken.

We now see state sponsored information harvesting, and while the majority of the data is simply innocuous, there are threats, but there are also trade and corporate secrets out there in the ether.

So my question to the community from business, government and personal perspectives is; has the war been lost? And if so what is the cost and implication?

Show Comments