Elsewhere in the New School department
Dennis Fisher wrote “Why Bob Maley’s Firing is Bad for All of Us”:
The news that Pennsylvania CISO Bob Maley lost his job for publicly discussing a security incident at last week’s RSA Conference really shouldn’t come as a surprise, but it does. Even for a government agency, this kind of lack of understanding of what actually matters is appalling and it is a glaring example of the sickness of secrecy that’s infected far too much of the security community.
and Adrian Lane wrote “FireStarter: IP Breach Disclosure, No-Way, No-How”:
On Monday March 1st, the Experienced Security Professionals Program (ESPP) was held at the RSA conference, gathering 100+ practitioners to discuss and debate a few topics… As could be expected, the issue of breach disclosure came up, and of course several corporate representatives pulled out the tired argument of “protecting their company” as their reason to not disclose breaches. The FBI and US Department of Justice representatives on the panel referenced several examples where public firms have gone so far as to file an injunction against the FBI and other federal entities to stop investigating breaches. Yes, you read that correctly. Companies sued to stop the FBI from investigating.
If we had a stamp of approval, I’d be stamping both of these posts. But as is, I’ll just point at them and say “stop what you’re doin’, cause they’re about to ruin it.”