[ISN] Fear sells. Read the report

InfoSec News isn at c4i.org
Tue Apr 11 01:18:44 EDT 2006


http://www.theregister.co.uk/2006/04/10/infosec_fear_sells/

By John Leyden
10th April 2006 

Infosec blog The Infosecurity Europe show is almost upon us again.  
I've personally attended the show every year since 1997, man and boy,
making this year's event my tenth attendance.

Over the years the dress code has changed from jeans and t-shirt to
business suits and the agenda has shifted towards the business impact
of information security breaches (e.g. keynotes this year such as
Security Compliance from Conglomerate to SME). New concerns - such as
the security impact of VoIP technology - are emerging but hardy
perennials, such as the cost of computer virus infection, remain
consistent themes.


Surveys keep raining on our heads

Every two years the show serves as forum for the announcement of the
DTI's Information Security Breaches Survey, touted as the UK's most
authoritative look at security breaches. Latterly the lead up to the
report has been accompanied by a string of press releases, sponsored
by security vendors, highlighting a particular facet of security that
(no surprise here) help to illustrate the importance of the particular
firm's technology.

So far this year we've had releases stating "virus infection remains
biggest single cause of security incidents", that companies not doing
enough to reduce identity theft and on staff misuse of the internet.  
In the two weeks before the show at least three more releases can be
expected, if what happened in 2004 is anything to go by, leaving a the
press corps with little enthusiasm for writing about the main launch.

It's the information technology equivalent of releasing six different
trailers to promote a movie. Please, someone, make it stop!

Not wishing to pre-empt the survey myself I'll make a small bet that
it will conclude that hackers are costing UK business millions and
that security incidents are on the rise. This is probably a fair
reflection on the situation on the ground but just once I'd like to
see a survey that said some aspect of security incidents had dropped
in recent times. After all, hard working sys admins need some
encouragement every now and again that their labours are not in vain.


Bog blog

It would be remiss of us not to mention public transportation or
toilets in this pre-show blog [report - Ed]. London's Olympia is a
tricky place to get to outside of rush hours, when a handy shuttle
service runs from Earl's Court. Outside of these times London
transport advises passage via Hammersmith or West Kensington.  
Typically people coming in from central London have to change three
times and hop on at least one bus.

Of course for the real security freak the very idea of using an Oyster
card is an anathema. They'll cycle to Olympia or, better still, take a
ride in the trunk on an unmarked car.

And when they're there they'll doubtless want to use the conveniences.  
Olympia boasts at least three toilets on its ground floor.  
Unfortunately they're not particularly well marked and all located on
the ground floor, a tedious slog away from most of the opportunities
for free booze, which tend to happen on Olympia's first floor.

The toilets, once you find them, are well above the standard you'd
likely find at most Championship grounds but all in all it's not a
satisfactory arrangement. Diagonal Security's usual plan - camp out in
a nearby pub and have the world come to you, rather than braving
Olympia itself - has much to commend it.


Whatever happened to the likely lads

All this might make you think I'm not looking forward to Infosec.  
Nothing could be further from the truth. Since moving over to Spain in
January the show will be my first opportunity to meet up with key
contacts and share a beer. They'll be plenty of talk about defending
systems beyond the perimeter, the ethics of security disclosure and
malware evolution, no doubt. But what I'm really looking forward is
the opportunity to spend time in an environment where law enforcement
officials and hackers rub shoulders.

Perhaps it's too much to expect an incident like the arrest of
infamous hacker Fluffi Bunny at Infosec three years ago but let's hope
for an interesting show nonetheless. ®





More information about the ISN mailing list