Jason Holloway's Holy Grail

Security Strategies This newsletter is sponsored by Credant Video: Majority Say iPods are a Security Risk In a recent survey hundreds of IT executives were asked how they view and use portable storage and media devices. And they were also asked how they protect their corporate data from these potentially troubling devices. Watch this video to get an understanding of how people are thinking about this threat. Network World's Security Strategies Newsletter, 10/16/07 Jason Holloway’s Holy Grail By M. E. Kabay And now for something completely different!  In 1993 I published a column entitled “Velocihackers and Tyrannosaurus superior” in the paper version of Network World. The article caused considerable amusement because it analyzed the popular movie “Jurassic Park” from an information security perspective. I’m delighted to report that Jason Holloway, vice president of marketing of the security firm ExaProtect has published an amusing security analysis based on “Monty Python and the Holy Grail.” Webcast: Get the latest on NAC Learn the latest on Network Access Control in Network World's Perspectives Editorial Webcast. Discover how IT professionals can leverage this hot security technology in their networks, while also learning about key management areas that have not yet been perfected. To learn more click here. The film follows a bizarre rendition of King Arthur (“Son of Uther Pendragon”) and the Knights of the Round Table (and Patsy) as they roam about Britain (knocking coconuts together as sound effects to make up for the lack of horses) seeking the Holy Grail (including in a castle occupied by French soldiers who inform him that Arthur’s mother was a hamster and his father smelt of elderberries). But I digress. Holloway makes the following points from his analysis of events in the movie. 1. Build security on secure foundations (unlike Prince Herbert’s father who built his castle in a swamp). 2. Use security information and event management (SIEM) to avoid being overwhelmed, as by the Knights Who Say “Ni!” 3. Avoid false positives, as when Sir Lancelot rushes off to Swamp Castle to rescue… Prince Herbert. 4. Beware the presumption of causation based on correlation, as when Sir Bedevere tests a woman accused of being a witch by claiming that she would weigh as much as a duck - and thus be made of wood. 5. Be sure to store log files so that you can interpret current security alerts in the light of data - unlike the Knights’ focus on the incomplete record left by Joseph of Arimathea about the Castle of aaaaaaaarrrrrrgggghhhhh. 6. Remain flexible in setting and adapting policies - unlike the Black Knight who repeats “None shall pass” regardless of circumstance. I urge all Monty Python nuts^H^H^H^Hfans to enjoy Holloway’s excellent essay.   What do you think? Post a comment on this newsletter

MOST-READ STORIES: 1. Top 10 strategic technologies for 2008 2. Security companies to watch 3. Salary survey: IT pay falls short 4. Funniest Microsoft videos on YouTube 5. 'Networkiest' horror films 6. Google GPhones or GPhonies? 7. Quantum cryptography to secure ballots 8. Is Apple more controlling than Microsoft? 9. Oracle's 10 acquisitions in 2007 10. Would BEA disappear under Oracle? MOST E-MAILED STORY: Top 10 strategic technologies for 2008

Contact the author: M. E. Kabay, PhD, CISSP-ISSMP is Program Director of the Master of Science in Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site. This newsletter is sponsored by Credant Video: Majority Say iPods are a Security Risk In a recent survey hundreds of IT executives were asked how they view and use portable storage and media devices. And they were also asked how they protect their corporate data from these potentially troubling devices. Watch this video to get an understanding of how people are thinking about this threat. ARCHIVE Archive of the Security Strategies Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007