David Holtzman
Internet Security Expert


C|NET -- Selling without Selling Out
March 2004
by David Holtzman
"Is there ever an ethical use for spam?"

C|NET -- Campaign Creep
February 2004
by David Holtzman
"Politics has always been a contact sport, but as this season's crop of presidential candidates takes to the Internet, they may get tackled by the technology"

C|NET -- Security at the Four Corners
January 2004
by David Holtzman
"When security is a global undertaking, CSOs are subject to the murky legal requirements of multiple jurisdictions at once"

C|NET -- The Renaissance of the CSO
December 2003
by David Holtzman
"Security officers can't just react to yesterday's and today's problems—they must also avert tomorrow's" 

"By studying employees' and customers' behaviors, the analysts will be able to anticipate virtual and physical risks and dangers"

"If the enemy can think it, they can almost certainly do it"

C|NET -- Creeping Determinism
November 2003
by David Holtzman
"If security is a business-critical function within the company, it should be internally managed." 

"Security is a major business system, and it reaches into every department and function. The combined complexity quickly becomes cosmic in proportions"

"The failure of process is always a tragedy, distinguished in severity and scope by the significance of the mission"

C|NET -- Legal is from Mars, Security is from Venus
October 2003
by David Holtzman
"Lawyers and security officers make for poor soul mates." 

"The nature of a security organization is to protect the company and its constituents from malicious behavior...Legalese sanitizes the corporation by discarding vulnerabilities"

"The clashing between the two is not only distasteful but can ultimately neutralize the security guru because inevitably he will lose."

C|NET -- Wi-FIght It?
September 2003
by David Holtzman
"Security, like other bastions of business, prefers conflict to conformance when first faced with a new technology. Wi-Fi is no exception."

"Protecting network space, where information is distributed across multiple machines, is a mammoth task. Comprehensive protection requires validation of every action and recurring authentication of each participant."

"Wi-Fi makes it harder to constrain intranet access because physical proximity is all that it takes to circumvent a firewall."

C|NET -- The Highs and Lows of the CSO
August 2003
by David Holtzman
"...cultural and situational issues unique to government jobs make for a particularly tough journey for the government CSO"

"The fact is, U.S. information security is in lousy shape. Outsourcing and privatization are not likely to improve the situation and might actually make it worse"

"The GAO said earlier this year that 'significant information security weaknesses continue to place a broad array of federal operations and assets at risk for fraud, misuse and disruption'"

C|NET -- If you can't stand the heat, don't call 'em
July 2003
by David Holtzman
"Diversity creates a natural firebreak for computers"

"Deciding whether to call in the authorities is a business decision"

"No one can guarantee that assets won't be taken"

C|NET -- Diversity Training
June 2003
by David Holtzman
"Diversity creates a natural firebreak for computers"

"Even a benevolent monopoly is dangerous because it becomes indispensable"

"Standardization, for all its benefits, is insidious because it enables virulent attacks to spread everywhere through common communications protocols, faster than an open-mouthed sneeze in Grand Central Station at rush hour."

C|NET -- Will Hack for Food
May 2003
by David Holtzman
"In this tough job market, underemployed young techies pose a serious security threat."

"In the past, geeks tolerated menial jobs because they had reasonable expectations of transfer or promotion in periods of rabid corporate hiring"

"Encouraging a corporate culture of upward mobility will protect a company from internal attacks better than any automated software method"

C|NET -- Mistrust Never Sleeps
April 2003
by David Holtzman
"A healthy suspicion of every business partner can pay dividends for the CSO"

"Safety has become a commodity as tangible as duct tape or gas masks; it is the negative space left behind when fear is erased"

"As supply chains grow, it becomes increasingly likely that people who do business together will never meet"

C|NET -- Merger Mambo
March 2003
by David Holtzman
"No matter how big the deal is, if it's going to happen, it will happen fast"

"Every deal has its own rhythm...But the dirtiest dance of all is an acquisition"

"If incompatible security styles become tangled, they can bring the party to a crashing halt. In my experience, that has been the biggest problem."

C|NET -- Free Parking
February 2003
by David Holtzman
"...the Cyber Security Enhancement Act of 2002 (CSEA), did change the rules of the game forever...We may have reached the tipping point of privacy in our society"

"It's easy to forget about security when you don't have to worry about lawsuits"

"It's hard to imagine any company refusing to comply with a request from the government"

C|NET -- Homeland Security and You
January 2003
by David Holtzman

"Anyone who has anything to hide should be seriously considering a little crypto in their lives"

"Smart people are going to soon realize that sending a plain text e-mail through a commercial ISP is like misplacing a signed confession"

"Widespread acceptance of encryption will finally come about as a reaction to institutionalized data voyeurism"

C|NET -- Home Is Where The Hard Drive Is
January 2003
by David Holtzman
"Strategic planning is next to impossible when the networks you build today will outlast the laws that govern their behavior."

"The first wave of e-commerce was defined by the workarounds...The second wave of e-commerce will be defined by the exceptions...Economic need will twist the legal areas of commerce further out of alignment with the physical location of the systems and servers."

"Pay careful attention to where the data comes out, not in; most countries will probably attach conditions and penalties to data use, not aggregation"

C|NET -- Is the Sky Really Falling?
December 2002
by David Holtzman
"A CSO who spreads security paranoia is only making his own job harder."

"...beat them at their own game by presenting security as a business decision instead of an all-or-nothing dogma.  Frame the discussion around the company's capacity to absorb risk..."

"Banks should have more intense computer security than say, car dealers. That's just common sense; but if you ask the managers of both businesses how much security they want, they want it all—that is, until they see the price tag."

C|NET -- Charting Ethical Waters
November 2002
by David Holtzman
"Ethics-based security policies will prevent you from being submarined by privacy problems."

"There have been numerous cases of privacy-related settlements negotiated by the Federal Trade Commission on behalf of several states...So far, there haven't been any big awards, but that day is coming soon."

"Building a security environment based on ethical principles that employees can understand and implement is great management."

C|NET -- Homeland defense: A modest proposal (satire)
October 2002
by David Holtzman
"...Let's start by connecting most of the large government databases..."

"Since terrorism is ideologically based, anyone is a potential terrorist."

"As this Predictive Data Security System threat profiling develops, people will quickly find out what kind of behavior will draw attention and what's safe. They might avoid certain books and take extra-special care to find out the background and opinions of their friends, colleagues and employees.

"If a person unfortunately gets a high threat score--perhaps because of something that one of their friends or family said--they might reduce that score through some socially useful action such as providing information on one of their neighbors."

C|NET -- Domesticating the Database
October 2002
by David Holtzman
"It never ceases to amaze me that companies know where every potted tree in the building is situated, yet have no idea what is planted in their computer systems."

"To effectively control enterprise data, you need to control the people who process it.  The most effective way to wield that control is through a measurable, unambiguous process that emphasizes accountability"

"...each active customer record in a database is worth whatever the acquisition cost would be to replace that customer, usually $20 and up."

C|NET -- Who's Responsible for Being Responsible?
September 2002
by David Holtzman
"The bottom line is that CSOs must have unfettered access to the board. That is the only way directors can be certain the company is run honestly. Public companies have audit committees at the board level to scrutinize financial activity. Why not use a similar concept for security issues?"

"Firing the guilty is poor compensation to investors for an eroded market cap that may never return."

ZDNet -- Identity theft--get used to it
August 2002
by David Holtzman
"This is the dirty secret of CRM--that it dehumanizes the customers and replaces them with numbers"

"The easy way to solve identity theft is to systematically remove any ambiguity of who we are or what we are at any time or place--in the real or virtual world. Anything less provides an opportunity for theft...That is the price for freedom."

C|NET -- Digital Privacy: A Curmudgeon's Guide
July 2002
by David Holtzman

"...I had become a Curmudgeon, a cranky old privacy geezer."


"Our country has a murky consensus of what privacy is. The homeland defense debate has muddied the waters even further."


WIRED -- The Price of Being a Fortress
July, 2002
by David Holtzman

"Nations that put up too many regulatory boundaries in these areas run the risk of becoming semi-isolated Digital Islands and losing the economic and intellectual advantages that come from free trade and access to the technology that drives it. This loss is cumulative and may create an irrevocable, long-term gap..."

"Our country is at a crossroads. There are those on the left who want to regulate privacy and identity information, and those on the right who want to control intellectual property. Both may ultimately lead to the same endgame - an America technologically isolated from the free flow of the digital archipelago."

C|NET -- The Privacy Imbroglio
March, 2002
by David Holtzman

"American privacy issues are essentially being defined by legal actions, instead of having laws enacted to enforce a generally accepted consensus. The result: Rather than proactively contributing to a debate that could dramatically alter the corporate/consumer relationship, American businesses are in a wait-and-see mode..."

"Privacy statements feel like a parking-garage disclaimer or a 'hot coffee can burn' sign, and therefore become part of the legal Muzak of daily life and can be safely ignored."


C|NET -- Dumpster Diving in the Global Village
February, 2002
by David Holtzman

"If the Internet bubble taught us nothing else, we should know by now that there is no such thing as a free lunch. Just as the desire for a more personalized experience on the Web led to a begrudging tolerance of cookies, the demand for interconnected, easy-to-use appliances and services generates enormous amounts of unwanted descriptive information that is effectively impossible--and certainly counterproductive--to fully regulate...."

"Data is the waste byproduct of the wired world, and those who are willing to get their hands dirty will use it to discover things about us that will disturb our modern sense of privacy."


ZDNet -- Privacy Rights: Accountability Now!
April, 2001
by David Holtzman

"Anonymity is what makes the Internet such a special medium. For the first time, one can reach a tremendous audience without having to put his/her personal reputation on the line. The Internet has given a whole new voice to the people, but the rise in government regulation is threatening to undermine the true power of the Internet..."

"The true power of the Internet as a social medium cannot be fully realized unless individuals have the right to limit the consequences of what they say. Online attribution should not call for real world retribution."









   © 2002 David Holtzman