Interview: Ira Winkler, author of Spies Among Us
David Geer recently spoke with Ira Winkler, author of Spies Among Us. Winkler is also the President of Internet Security Advisor's Group and a former employee of National Security Agency. Following is an edited transcript of that conversation.
You may also listen to the original interview here, or visit our Podcast Center for more audio interviews.
David Geer: What single theme defines you with respect to how you approach security issues?
Ira Winkler: I look at security much more as a process issue. A lot of people tend to say it. I've kind of lived it ... where it doesn't matter to me what sort of process controls or what sort of technical controls are in place. It's the use of the technical controls or the operational controls that actually make a difference with regard to security. You could add the best technology in the world, but the best technology in the world, not used properly, becomes completely worthless and works against you because it gives you a false sense of security. I [also] don't look at computers for the sake of computers. Computers are generally useless. What's valuable about computers is that the information or services they provide. I don't even approach security as trying to make computers secure. I look at security as a way of protecting information as a whole. Another thing that kind of makes me unique is the way I look at things in general. I try to look at the very basics of security, [and] how can [the basics] either be compromised or how can they be better secured?
Geer: You've done security work for the government and you've done it for public corporations. What kind of issues actually appear in both the corporate and government worlds -- things that people might actually be surprised or shocked [to learn]?
Winkler: It all still comes down to the basics. There's a lack of basics inside the government, like there's a lack of basics outside the government.
Unsecured web servers, for example, have been a major pain that's caused a lot of information leakage and a lot of embarrassment. Ways you set up and give out information. Private companies don't have good policies in place in much the same way that we've seen leaks in the Federal Government, because again, the processes and the policies in place are not really that great.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
