Friday, March 12, 2010

Define "Mission-Critical"

Today a NetworkWorld survey asked whether we were "monitoring the percent of storage space being used for non-mission critical data," and whether we were currently "classifying data into tiers based on value to the business."

Risk management based upon information value is difficult, and it is probably seen as a "soft" technology, meaning that there is a perception that it need not be done. The Applied Visions | Secure Decisions project Camus (http://bit.ly/bCpD5s) attempts to address this for military applications. Meeting the project's goals requires drawing on diverse sources and combining general and specialized knowledge.
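The two survey questions above (tiering data by business value, and monitoring how much storage the low-value tier consumes) are easy to ask and rarely implemented. The following is an added example of what the minimum implementation looks like; it is not code from this post or from the Camus project. The tier names, the path patterns, the default tier for unclassified data, and the inventory of file sizes are all constructed for illustration:

```python
import fnmatch
from collections import defaultdict

# Hypothetical classification tiers, listed from highest value to lowest.
TIERS = ("mission_critical", "business_important", "non_critical")

# Ordered classification rules: the first matching pattern wins.
# Patterns are constructed examples, not a recommended policy.
RULES = [
    ("mission_critical", "/srv/erp/db/*"),
    ("mission_critical", "/srv/pki/*"),
    ("business_important", "/home/*/reports/*"),
    ("non_critical", "/home/*/Downloads/*"),
    ("non_critical", "/tmp/*"),
]

# Unclassified data is NOT assumed to be worthless: it lands in the middle
# tier until someone classifies it, so the non-critical percentage is never
# inflated by things nobody has looked at yet.
DEFAULT_TIER = "business_important"


def classify(path, rules=RULES, default=DEFAULT_TIER):
    """Return the tier of a single path under an ordered rule list."""
    for tier, pattern in rules:
        # fnmatchcase: '*' also matches '/', so '/home/*/reports/*' spans a directory level.
        if fnmatch.fnmatchcase(path, pattern):
            return tier
    return default


def tier_usage(inventory, rules=RULES, default=DEFAULT_TIER):
    """inventory: iterable of (path, size_in_bytes).

    Returns {tier: (bytes, percent_of_total)} for every tier, including
    tiers with no data, so a report always has the same shape.
    """
    totals = defaultdict(int)
    for path, size in inventory:
        totals[classify(path, rules, default)] += size
    grand_total = sum(totals.values())
    return {
        tier: (totals[tier], (100.0 * totals[tier] / grand_total) if grand_total else 0.0)
        for tier in TIERS
    }


def non_critical_percent(inventory):
    """The figure the survey asks about: share of storage holding non-critical data."""
    return tier_usage(inventory)["non_critical"][1]


def over_threshold(inventory, limit_percent):
    """True when non-critical data exceeds the agreed share of storage."""
    return non_critical_percent(inventory) > limit_percent


# Constructed sample inventory (path, bytes); total is 1000 bytes for easy reading.
SAMPLE_INVENTORY = [
    ("/srv/erp/db/ledger.ibd", 400),
    ("/srv/pki/ca.key", 10),
    ("/home/alice/reports/q1.xlsx", 90),
    ("/home/bob/Downloads/movie.mkv", 300),
    ("/tmp/scratch.bin", 150),
    ("/home/carol/notes.txt", 50),   # matches no rule -> DEFAULT_TIER
]

if __name__ == "__main__":
    for tier, (size, pct) in tier_usage(SAMPLE_INVENTORY).items():
        print(f"{tier:20s} {size:8d} bytes {pct:6.1f}%")
    if over_threshold(SAMPLE_INVENTORY, 40.0):
        print("ALERT: non-critical data exceeds 40% of storage")
```

The design point is the default tier: a classifier that silently files unknown data as "non-critical" produces a comfortable-looking report and an uncomfortable incident later. Real deployments would replace the path patterns with owner, system-of-record, or regulatory tags, but the aggregation and the alert stay the same.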

Thursday, March 11, 2010

NIST '08 Guidelines on Cell Phone/PDA Security - And More

The U.S. Government's National Institute of Standards and Technology (NIST) Computer Security Division offers a series of publications of general interest to the "computer security community."  The current offerings include Special Publication 800-124, "Guidelines on Cell Phone and PDA Security."  This publication (Jansen and Scarfone, 2008) points out that while the lack of a large, homogeneous population of targets has so far deterred large-scale attacks, organizations should plan for more challenging times ahead.  Among other suggestions, the authors recommend:
  • Apply patches to the OS 
  • Eliminate or disable unneeded services and apps 
  • Install and configure the applications that are needed 
  • Configure user authentication and access controls 
  • Configure resource controls 
  • Install and configure additional security controls, including content encryption, remote content erasure, firewall, antivirus, intrusion detection, antispam and VPN software 
  • Perform security testing 
It seems unlikely that these practices are as yet widely adopted.

Even more challenging is a later suggestion that organizations should strive to "minimize functionality" of devices.