Network World's Security Strategies Newsletter, 05/17/07

Identification isn't enough

By M. E. Kabay

In my last column, I started to discuss the REAL ID Act, which is currently back in the news because of a resurgence of strong opposition to its activation in 2008. I mentioned that I choose to dismiss one class of objections altogether: the notion that because there are ways around the restrictions of the REAL ID Act, it should be abandoned.

A much more serious objection to REAL ID as a security measure is rooted in how we use identification and authentication for security. Bruce Schneier wrote clearly about this issue in an essay from a February 2004 “Crypto-Gram” newsletter. In “Identification and Security,” he makes the point that identification does not in itself tell us anything about the threat posed by an individual. Instead, an identifier allows authorities to compile profiles about individuals based on their recorded behavior - behavior that would be harder to compile without a unique, consistent identifier. Consider how much harder it is to track people who travel by bus and pay cash for their tickets than those who travel by air and use credit cards; but then ask yourself if travel patterns are sufficient to allow effective identification of terrorists.

The 9/11 terrorists all had identification papers - some authentic, some forged. You can read extensive excerpts from _9/11 and Terrorist Travel: A Staff Report National Commission on Terrorist Attacks Upon the United States_ on the Amazon Web site. If a suicide bomber is sitting beside you on your flight from Chicago to Tampa, I really don’t think that knowing that person’s name before or after the explosion makes very much difference - in the absence of specific intelligence about that specific person. Simply having employees of state departments of motor vehicles demand birth certificates, green cards, U.S. passports or other acceptable documentary evidence of legitimate standing as legal residents of the U.S. tells us NOTHING about the risks posed by any individual. More in my third and last commentary on this problem next time.
Contact the author: M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site.

Copyright Network World, Inc., 2007