IT security and other aweful matters

Of computer mice and men – for availability, integrity and privacy

Hillary Clinton’s Email – When the boss doesn’t want to comply

This is the one thing where you wouldn’t like to be the resonsible Information Security Officer, or what else title you’ve been allocated: When the boss doesn’t care about the security policies, and she does just what she believes is the right way.

That is what upset me most on the current Clinton story turning into wild and may end any further political ambition of Ms. Hillary Clinton. The only comforting element in all this mess is the attention focused on the proper ways to deal with e-mail in organizations, and I hope people understand that this is not a problem for the sole State Department, but for any organization, that e-mail is written mail committing the body that is associated to it.

And of course it seems sheer unbelievable to me that never ever has any classified information or data been transmitted via the Clinton server that served the mails. No, please, do not investigate into further details.

Or, on the other hand, please reveal it all, and thus demonstrate that all this paranoic hide and seek and espionage is just a game, that at least as far as politics are concerned there is nothing to conceal. Certainly observers in the whole world, from North Corea and China to Russia and Germany, overheard this e-mail traffic, serving it to their administrations, which couldn’t get no relevant information out of this they did not already know or have taken into account for their own moves towards the US.

So far for the political scandal.

It’s another game for private organizations subject to industrial intelligence. Discovering the R&D plans would be disastrous for a many company. So let this be a tragic occasion to remind that the ordinary internet e-mail is readable like a post card to any medium expert conneceted to the internet. And e-mail is part of a companies set of documents, subject to rules of non-disclosure, committed to integrity of information as one of the three main targets of information security, and necessarily archived in order to assure accountability and audits.

If I wouldn’t read it in a lot of online sites, honestly, I would think of a hoax. But it looks like it is a real bad, and bad enough, a real one.

One source of a dozen – The Washington Post


Author: TTeichmann

IT is my business since 1985, focused on IT security since 1999. I built up several IT networks as security based architectures. In 2007 business continuity management came into my portfolio. I feel open minded, keeping an eye on things evolving, trying to find solutions that meet business needs while security requirements are kept high. ITsec, ITSCM and BCM are necessarily part of cost efficient IT delivery today.

Comments are closed.