Yet another intrusion with data theft, yet another chorus of yells for "encryption." I refer to the eBay intrusion from last week with the subsequent hysteria over their not encrypting certain personal information at rest. "It is inexcusable for a company the size of eBay with the amount of data it holds to not encrypt all personal information held," said Trend Micro's Rik Ferguson.
It has become quite fashionable these days to say, "If only the information had been encrypted."
... The point I'm trying to make is that without a solid security and
privacy program in place to start with, encryption at rest is like
applying duct tape to a broken bone. Encryption has its uses, and it can
be effective as a security and privacy control, a safe harbor control
and as a compliance measure. But if you're not careful about realizing
its limitations and communicating them to your executives, you're the
one that will be in hot water when an incident occurs.
By Aurobindo Sundaram, CIPP/US
Read the full article at IAPP: https://www.privacyassociation.org/privacy_perspectives/post/dont_fall_for_the_encrytion_fallacy