Trust is for Suckers: Lessons from the RSA Breach (securityweek.com)
wiredmikey writes: Andrew Jaquith has written a great analysis of lessons learned from the recent RSA Cyber Attack, from a customer’s perspective.
According to Jaquith, in the security industry, “trust” is a somewhat slippery term defined in terms ranging from the cryptographic to the contractual. Bob Blakley, a Gartner analyst and former chief scientist of Tivoli, once infamously wrote that “Trust is for Suckers.” What he meant by that is that trust is an emotional thing, a fragile bond whose value transcends prime number multiplication, tokens, drug tests or signatures — and that it is foolish to rely too much on it.
Jaquith observed three things about the RSA incident: (1) even the most trusted technologies fail; (2) the incident illustrates what “risk management” is all about; and (3) customers should always come first. Here Jaquith reviews each of these in detail.