Blog: The Risky World

October 9, 2008
By H. Mosher

Lt. Gen. Harry D. Raduege Jr., USAF (Ret.) posits some interesting questions in this month's incoming columns. Looking at the nature of enterprise risk, he wonders whether any of our readers have ever been notified that their personal data had been exposed:

I have ... and it is not a comforting feeling. It also makes you immediately question the care and practices of the organizations that solicited your trust in safeguarding your private information.

Today, we find a common thread in our net-centric world: Business opportunity and information dependence breed business risk. In particular, risk to security and privacy is present in huge doses every day. But how should we best manage the information risk coming through the door, over our firewall and through our software on a continual basis?

We all realize that the risk to our national security, business and personal data is growing. Our information networks and means of storage are increasingly vulnerable to attack and compromise. Is it any wonder that new terminology such as enterprise risk management (ERM), risk intelligence, risk assessments and business risk have become so common? Today's business environment is full of risk, whether it involves national security, intelligence gathering, transportation, operations, medical, logistics, sales or any other business activity.

You can read his entire article and suggestion for managing enterprise risk here, but in the meantime, you can comment on the issues he brings up right here on SIGNAL Scape. Have you had any experiences with your personal information being compromised? What do you think needs to be done to stop this from happening?

Share Your Thoughts:

As a consultant for several years after retiring from Federal Service, I now teach computer engineering and information security. I believe that we have the solution already, but it is slowly being implemented at all ends of the Internet and in systems processing personal ID and accounting information. It is not unique to the Internet, since it can be installed in many ways not involving electronic transfers. It is "multilevel security," which comes in a variety of packages to match the level of security being sought - high to low - given the risk of information theft. When this methodology is implemented, the possibility of hackers and identity thieves getting into accounts and stealing information is reduced from 2.5 percent (FTC study release) to less than 0.10 percent or 1:1,000 attempts. There are no fool-proof methods, because the people who have accounts are not fully aware of the risk they are exposed to. Let's say that if you knew the day and hour that the thief was coming, you would be more proactive in taking measures to prevent their success. In real life you might know or see something around you while at the store or bank ATM. Then you would be more careful about what they see. On the Internet it is a different story. You just can't see it coming - it's a stealth (blind) intruder who is stealing your personal account information using simple tricks, such as false log-ins, phony requests for information by e-mail, or even phone calls from other than your account manager.
Something simple like this will reduce the odds of becoming a victim of identity theft.
