Sealing your site


[What a circus. In the background.]

ENISA recently announced it wants an upgrade of the ‘reliability’ of web seals.

Nice. BUT anything out there will be:

  • Copied and replayed at third-party sites, the differences being unobservable to the average hooman;
  • Placed without being warranted for the info presented, at / after some point in time. The ‘certification’ is there, so don’t bother keeping up with ever-spiraling security requirements;
  • Valid for some time only, with all sorts of re’certification’ / failed update issues.

All the ENISA talk about automated checking, etc., would be very welcome, but no-one would want the accountability when (not if!) the automated checks are subverted, i.e., fail to check at the semantic level as well as all the way down. The ‘net just cannot be trusted per se ..!

The principles are nice, and kudos to ENISA for calling out the need for improvement. But the principles will suffer badly when implementation time comes around, and in BAU – between dream and action, there are laws and practical objections.

So let’s (have someones) pursue this. It’ll take time, and we’ll have to learn from mistakes… but still.

About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile
This entry was posted in Information Risk Management, Information Security, Innovation (technologically driven), Privacy.