Chasing the magical GRC animal

Posted July 23rd, 2008 - 1 comment

I’m sure you’ve been following the Terry Childs case. Mr. Childs was a sysadmin in San Francisco who decided to change a few passwords and thus locked the city out of their new wide area network. Though it is still not clear why Mr. Childs did this, he had been recently written up for poor job performance. 

Among others, Matt Pollicove wrote about this and the need for trust.  Matt asserts that trust is a must and I completely agree. That being said, the last two points in his post are mistaken.

First he says:

This means, making sure there’s no orphan or rogue accounts in the systems.

While this is a generally accepted good practice, it would not have necessarily helped San Francisco keep from losing their network. Privileged account management would have been far more useful.  Discipline and control around how sysadmins gain access to and use root-like accounts, the bread and butter of privileged account management, would have helped avert some of San Francisco’s problems.

Second Matt says:

GRC tools will be a must in this verification.  Continue reading "Chasing the magical GRC animal"...

July 23rd, 2008 | Tags: | Category: Professional, Security | One comment

Schneier on CCTV in the Guardian

Posted July 15th, 2008

Continuing my thread on CCTV cameras (here and here), Bruce Schneier wrote a solid summation of the issues of pervasive cameras.

July 15th, 2008 | Tags: | Category: Security | Leave a comment

Follow-up on “Surveillance Cameras in DC”

Posted July 3rd, 2008 - 2 comments

Just a brief follow-up to my previous comments.  DC has written its regulations for this camera consolidation.  I have copied a version here.  Nice to see that the footage will be remained only for 10 days and then destroyed.  But it also seems like anyone can gain access to this footage if they ask nicely.

July 3rd, 2008 | Tags: , | Category: Security | 2 comments

Poorly spent funds: Surveillance cameras in DC

Posted April 10th, 2008 - 9 comments

I am especially sensitive to this as one of these camera units is a block and half from my house.  Questions that come to mind are:

  • How long will the District retain footage from these cameras?
  • Who will maintain this footage: law enforcement or emergency management?
  • Can I as a citizen request to see footage as part of a FOIA request?
  • Will INS/FBI/ATF/other Federal law enforcement agencies have access to these cameras on an ongoing basis?
As I mentioned there’s one of these cameras a block and half from my house.  It sits on a very heavily trafficked corner.  People stand there waiting for the bus.  There is a huge amount of vehicular traffic that goes right by it.  There is a 7-11 right there and there is always some flavor of law enforcement officer there. There is rare street crime in the area and when it does happen it happens blocks away on darker corners.  There is no way this camera prevents crime in any way shape or form.
 
If the real goal is to prevent crime, instead of spending the $10 million to set this system up, put that cash to funding more neighborhood cops who walk a beat.    
April 10th, 2008 | Tags: , | Category: Security | 9 comments
 
Home
  « Newer Entries