Today's state of insecurity

It was quite a surprise to read that the personal information of 1,200 eBay users was posted online this week. Luckily, as you'll read in our first story, it looks like there was no security breach of the network and it appears that the exposed credit card numbers were not valid. Still, it focuses our attention on the large number of hackers who are out there, waiting and ready to pounce on our data.

I had the opportunity this week to meet with Michael Barrett, the CISO of PayPal, which is now owned by eBay. We talked a bit about the state of security in general and discussed how he and other C-level executives, including the CIO, collaborate at PayPal. I have to say, he has a pretty realistic view. He noted--much to the dismay of his PR reps--that no enterprise can ever be fully risk free, but went on to add that none of us live risk free lives either. The question really is, how much is the right amount of risk to absorb, and what do you have to do to get to that acceptable level of risk? A fortress mentality--the idea that you can keep the bad guys away by building walls and trenches around the enterprise--will not, by itself, help you understand risk or get your organization to that level. What is needed is a culture of security in which people throughout the enterprise have a common understanding of what constitutes risky behavior, and then apply security measures accordingly, as they develop new business processes and collaboration links within and between their enterprises.

In this issue, I also link to an interesting interview with a convicted hacker. In his words: breaking into computers at telecom companies was "so easy a caveman could do it." This 23-year old begins his two-year sentence in federal prison today. Let me know what you think about the state of security--or insecurity-- in your network. -Patty