There’s no such thing as Great Security. Not that I’d forgotten, but if I had, attending CanSecWest this week as I am sure would have cured my amnesia.

I’m not even sure what Great Security is. At least, not where the rubber hits the road. Security itself is an abstract noun, nothing more. An idea, a concept. Great Security, by definition, is made of the same raw material, only better.

But I’m pretty sure I know what Good Security is. I don’t feel a need to define it in crisp terms. My company’s byline, Good Security Follows the Grain of Good Business, captures reality as I see it. Take whatever makes Good Business, dream up some security objectives, then apply the former to the latter.

So what makes Good Business? For a Great Answer, read any best-selling business book. (You’ll probably have to do a global string replacement from “Great” to “Good.”) If you want to save some time and money, here’s a Good Answer: Among other things, Good Business is a function of knowing exactly what you aim to do; exactly how you intend to do it; roughly what you’re going to do when (not if) things don’t pan out the way you thought they would; and exactly how you’re going to adapt to achieve results as least as good as you originally planned.

After all, which of the following combinations are realistic?

• Bad Business, Bad Security
• Bad Business, Good Security
• Good Business, Bad Security
• Good Business, Good Security

The second one might be, but unless your investors have a distaste for money, not for very long. The third is not - it is in fact an oxymoron - despite what some businesses would have you believe.

The first and fourth are perfectly realistic. Pick one.

By Ira Winkler

I was just reading how the IRS lost 500 laptops that likely contain sensitive information. In response, they want all laptops to be encrypted. I am actually very much in favor of that.

(more…)