RSA 2008 Keynote: John Thompson
2008-04-09 23:02:00 by jrjones in Jeff Jones Security Blog
 

Following RSA President Art Coviello on the keynotes this morning was John Thompson, CEO of Symantec.  The topic of the keynote was "Information Centric Security: The Next Wave."

On one hand, this was one of the more interesting sessions of the morning, because John brought up his Research Labs VP, Steve Trilling, who shared lots of interesting security factoids from their research:

  • 70% of malware during the latter half of 2007 stole PII
  • Symantec believes we may have reached an inflection point where more malicious code is created daily than non-malicious code
  • The bad guys have all the elements of a full-scale economy, including specialized job roles and a supply and demand market dynamic

In the underground economy:

  • Stolen eBay accounts sell for $8
  • Bank accounts can sell for $1000
  • Credit card numbers can go for as little as $0.40
  • World-of-Warcraft level 70 accounts go for $4 and up

This last point was interesting - a WoW account can be worth 100x that of a valid credit card number.  As was said in the keynote, "even in virtual worlds, there is real money for hackers."

On the other hand, there wasn't a lot of new information discussed concerning the title - information centric security.  Mr. Thompson did say that we should start taking a more information-centric approach to security, or as he paraphrased it, "take a risk-based approach to protecting data."  But is that really a new approach?

Most of the security professionals (not security technologists or security product folks, necessarily) have advocated a risk-based approach to protecting data for as long as I can remember.  It is still a good idea, don't get me wrong, but I don't see it as the "next wave".

One other call to action which John Thompson made was the call for a national approach to security and privacy disclosure laws.  He pointed out that, in addition to the well-known California law, 40 other state-level bills are currently being considered.  In my opinion, should they pass, it would make it really tough for companies to remain compliant.  I echo his support of the need for a more national solution.

Regards ~ Jeff

X-posted to: http://blogs.technet.com/security and http://www.microsoft.com/security/rsa2008/default.mspx