Author: Matt Tett, CISSP, CISM, CISA, CSEPS ~ Enex TestLab
Security, security, security: for many of those in the industry it is the mantra they live by. Without security there is insecurity. Everyone is a threat, and out to get you with their nefarious deeds. The biggest threat to your personal security, apart from physical action (outright terrorist threat or violent crime), is far more passive and difficult to detect: identity theft and the associated fraud or other criminal activity once the bad guys own you.
Granted, people don’t get into our industry without their own healthy dose of paranoia (how else do they innately identify threats and risks?), and as with the software developer/coder scale of sociopathy, security practitioners have their scale dialled to paranoia. The more sociopathic you are the better a developer, and the more paranoid you are the better a security practitioner, until eventually the remainder of both groups end up in the Asylum.
One of my semi-paranoid (or is he?) security colleagues recently announced, “There are only three photos of me on the internet and I am very angry about that!” I think that was his response to seeing me uploading images to Facebook. Yes, I know that I am playing with fire, but hey, my theory is that if someone else is going to want my identity, and ruin my credit, or post compromising photos of me, then I will beat them to it! Job done.
Better to take a cyanide pill and control your own demise than try to go out heroically, dying a slow and painful death by torture ~ and prospectively releasing the birth date and mother’s maiden name of your best friend under torture.
He is obviously of the opinion that security via some level of obscurity has certain merit. However, I wonder how he really controls other prospective information and details such as his licensing, passports, employment, taxation, birth, marriage (and ultimately death), and information provided to financial service organisations, utilities and other agencies. Not to mention his mobile phone transponder logs, etc. While the truly paranoid do take some steps and measures to obscure even this information, at the end of the day, if someone, or a group, has the need and motivation to own you, they will. Time to bring out the aluminium foil hats, people!
Of course, the next theory is, “What could anyone want with my little old identity?” This theory is the dangerous one, because those people are naïve to the problems that can arise when their “twin”, same, same but same, starts destroying their credit and therefore name and reputation, or committing other crimes. Try and prove that one.
For those who are not aware, that is one thing, but the next group that arises is those who may be informed but simply choose to do nothing to protect themselves, with the classic defence “that will never happen to me”. True, true, but it’s probably more likely to happen to them than they are to win the lottery (even if they buy tickets religiously).
I still figure it is best just to bite the bullet, do the damage yourself and beat the criminals to it!
So what other waypoints are out there on the paranoid to ignorant security scale? Your comments are invited.
I am now off to finish completely populating my Google+ account details ... has anyone seen where I left my cyanide pill?