tag:blogger.com,1999:blog-1411700222164224755.comments2012-04-05T00:57:49.794-04:00Al Raymond, CIPP, CISSP - ARAMARK, VP, Privacy &amp; Records Managementhttp://www.blogger.com/profile/08246559709534693627noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-1411700222164224755.post-55744592845931771922012-04-05T00:57:49.794-04:002012-04-05T00:57:49.794-04:00Good one...wonder if the app creator&#39;s were given perpetual license to invade user&#39;s privacy by just adding fine print / feceiving OK buttons ???MSIThttp://www.blogger.com/profile/00802859001948466014noreply@blogger.comtag:blogger.com,1999:blog-1411700222164224755.post-9866240095560694322010-10-12T22:35:54.152-04:002010-10-12T22:35:54.152-04:00Good one Al... Never wanted to be on the face-book - not that I am falling of chairs :)<br /><br />Keep these blogs coming Mr.Pundit<br /><br />MVMSIThttp://www.blogger.com/profile/00802859001948466014noreply@blogger.comtag:blogger.com,1999:blog-1411700222164224755.post-16623202659485811792010-03-29T08:33:06.074-04:002010-03-29T08:33:06.074-04:00Good one. Security always comes with a Price Tag.. some (wise) people pay uprnot and some will pay later (repent ?)<br /><br />Madhav Vedula CISA CISM<br />Managing Principal, <br />Princeton Audit Group<br />( A PCAOB Reg CPA Firm)MSIThttp://www.blogger.com/profile/00802859001948466014noreply@blogger.comtag:blogger.com,1999:blog-1411700222164224755.post-40372121292234450082010-03-14T12:14:12.216-04:002010-03-14T12:14:12.216-04:00Hi Al,<br /><br />Good article. Especially liked the extracting value of privacy part. <br />It all depends on an individual to value his value of privacy. If he is ready to pay the price whichever way and face the consequences, it is his/her game.<br /><br />VVPhttp://www.blogger.com/profile/14229057357319346077noreply@blogger.comtag:blogger.com,1999:blog-1411700222164224755.post-41628920496279837292009-12-16T15:41:43.917-05:002009-12-16T15:41:43.917-05:00Al,<br /><br />I think you have brought a particularly an important point. Taking something from my previous response to your earlier blog. Security, Convinience and functionality are constituents of any system and should be present in appropriate ways. Man is the weakest link in the security system developed by man. You have mentioned an example of Facebook but there are numerous such example availble. One such example is LinkedIn. We tend to put all the personal information and unknowlingly become a victim of identity theif or end up letting the world know where you have studied, which companies you have worked and what kind of work you do and so on.<br />Well it is a business networking site and good tool for prospective employers but it does goes beyond a bit according to me.<br /><br />We need to be careful what we upload in such sites as we never know when it would hit back and when that happens, it would be really hard.<br />I think we were better off with the older technologies, at least my idendity was safe with me.<br /><br />regards,<br /><br />Vaibahvb00zlumhttp://www.blogger.com/profile/14229057357319346077noreply@blogger.comtag:blogger.com,1999:blog-1411700222164224755.post-17129162992845419572009-10-07T21:06:53.686-04:002009-10-07T21:06:53.686-04:00Vaibhav;<br /><br />Good comments and an interesting possibility, but I think the genie is out of the bottle, and the toothpaste is out of the tube, to use a few cliches. If we try to revert to the all cash approach (the &#39;mafia model&#39;, as I call it - the all cash-paying individual who never wanted to leave a trail for fear of the gov&#39;t tracking him), we would be labeled luddites!<br /><br />AlAl Raymond, CIPP, CISSP - CPO at PHH Mortgagehttp://www.blogger.com/profile/08246559709534693627noreply@blogger.comtag:blogger.com,1999:blog-1411700222164224755.post-60619408817157192462009-10-04T11:15:34.511-04:002009-10-04T11:15:34.511-04:00Hey Al,<br /><br />Security, convenience and functionality are the constituents of any system. Ideally if they are exist at right quantities, everything is fine. But if any one parameter gets more prominence, the other two will suffer. <br />In your example you are highlighting usage of plastic (read credit card) during the typical day. This is borne out of convenience factor. The other option for it is to carry the hard cash and probably have a fat wallet. You could pay off with it at every place. Though it may sound better in terms of security but then gives rise to a different kind of issue. The fat bulge in your back packet attracts unwarranted attention from the bad guys and you may be their next victim. <br /><br />Every thing we do in a normal world can be done in different ways thru which we achieve the desired results perhaps the time has to come to perform a reality check and see how deep are you in the water and work out which option you need to chose in order to become more secure. This is not at government&#39;s insistence or for ease of technology but for seeking privacy and security of your own personal world.<br /><br /><br />Good &amp; thought provoking article.<br /><br />regards,<br /><br />Vaibhavb00zlumhttp://www.blogger.com/profile/14229057357319346077noreply@blogger.comtag:blogger.com,1999:blog-1411700222164224755.post-11718667738723375012009-02-27T08:29:00.000-05:002009-02-27T08:29:00.000-05:00DGood question. And timely...I am considering DLP solutions now myself. In my opinion, DLP solutions are very helpful in telling you what you may not know - which is in some cases a lightyear's leap from your current position. FOr some company's, just knowing all of what is leaking from their environment is enough to know where to plug the holes in the dike. FOr other companies that do and must share data external to themselves, DLP helps them ensure appropriate access and uncover where it is unauthorized. But, as you allude, real and effective security is all about layers (including entitlement review of privileged access) and not just one big Roach Motel where data comes in, but can't get out.Al Raymond, CIPP, CISSP - CPO at PHH Mortgagehttp://www.blogger.com/profile/08246559709534693627noreply@blogger.comtag:blogger.com,1999:blog-1411700222164224755.post-46902749942682252442009-02-27T08:17:00.000-05:002009-02-27T08:17:00.000-05:00Hi Al,<BR/><BR/>Interesting article. I hear a lot about DLP, can you comment if you think this is the silver bullet for corporate america? My opinion is there are still gatekeepers (lets call in privileged users)that can access sensitve data regardless of these measures. These people scare me because we still have to revert to the "trust" model when all is said and done.bchttp://openid.aol.com/stymiednynoreply@blogger.comtag:blogger.com,1999:blog-1411700222164224755.post-62121618013099796302009-02-25T17:10:00.000-05:002009-02-25T17:10:00.000-05:00Thanks Vaibhav. What you say is true. That's why social engineering is so effective, and the hardest secuity threat to protect against.<BR/><BR/>AlAl Raymond, CIPP, CISSP - CPO at PHH Mortgagehttp://www.blogger.com/profile/08246559709534693627noreply@blogger.comtag:blogger.com,1999:blog-1411700222164224755.post-52121144869885871652009-02-25T14:59:00.000-05:002009-02-25T14:59:00.000-05:00Al,<BR/><BR/>A though provoking article. In reality are normal people aware of such things? Probably not. People tend to believe and trust others who seem to friendly and warm with them and then pay the price. The question is to increase awareness and that will help in reducing such incidents.<BR/><BR/>regards,<BR/><BR/>Vaibhavb00zlumhttp://www.blogger.com/profile/14229057357319346077noreply@blogger.com