Security Management Strategies for the CIOAccess "Weighing the risk of hiring hackers"
This article is part of the June 2010 issue of Finding affordable encryption options for laptop data security
Any essay on hiring hackers quickly gets bogged down in definitions. What is a hacker, and how is he different from a cracker? I have my own definitions, but I'd rather define the issue more specifically: Would you hire someone convicted of a computer crime to fill a position of trust in your computer network? Or, more generally, would you hire someone convicted of a crime for a job related to that crime? The answer, of course, is "it depends." It depends on the specifics of the crime. It depends on the ethics involved. It depends on the recidivism rate of the type of criminal. It depends a whole lot on the individual. Would you hire a convicted pedophile to work at a day care center? Would you hire Bernie Madoff to manage your investment fund? The answer is almost certainly no to those two -- but you might hire a convicted bank robber to consult on bank security. You might hire someone who was convicted of false advertising to write ad copy for your next marketing campaign. And you might hire someone who ran a chop shop to fix your car. It depends on the ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Cloud computing risks and how to manage them
by Tim Mather
Cloud computing alters enterprise risk. Here's what you need to know in order to safely navigate the cloud.
-
Use full disk or file/folder encryption for laptop data security
by Dave Shackleford
Learn about the options for protecting laptop data, including full disk encryption and file/folder encryption, and their associated deployment and management challenges.
-
Cloud computing risks and how to manage them
by Tim Mather
-
-
Symantec acquisitions cement encryption-as-a-feature
Symantec acquisitions of PGP and Guardian Edge future ensures that encryption is becoming less of a standalone security tool.
-
Demystifying governance, risk and compliance
by David Schneier
GRC aims to bring together disparate compliance efforts in the enterprise, but the concept has been stymied by a lack of clarity. Developing a GRC program requires three key steps.
-
Symantec acquisitions cement encryption-as-a-feature
-
Columns
-
Don't keep quiet after a data security breach
by Kim Getgen and Kimberly Kiefer Peretti
Organizations who stay silent after a data security breach end up paying a higher price and helping cybercriminals.
-
Weighing the risk of hiring hackers
Bruce Schneier and Marcus Ranum debate the risks associated with hiring hackers.
-
Information security spending shouldn't be driven by compliance
If you're spending more to protect custodial data because of compliance than you are to protect company secrets, you're missing the big picture.
-
Don't keep quiet after a data security breach
by Kim Getgen and Kimberly Kiefer Peretti
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...