RSA, aside from being the security arm of data and storage specialist EMC, has been hosting an annual security conference in the US for years which routinely attracts the best and brightest from the IT and security worlds including Bill Gates and Al Gore. Competing with the likes of Infosec in the UK, the European version of the event doesn’t attract quite the same level of speakers as its US sibling but can still boast luminaries such as BT security iconoclast Bruce Schneier and last year’s guest speaker, former fraudster-turned-security expert Frank Abagnale.
The organisers of the RSA Conference like to have a theme to pull all the disparate elements of the show together. Last year, the show was themed around the achievements of UK computing pioneer and codebreaker Alan Turing. This year’s show continued the cryptographic theme but from the more esoteric perspective of novelist Edgar Allan Poe.
While Poe’s The Gold Bug famously includes a cypher-based search for treasure, his tale of The Black Cat probably has more in common with the themes explored at this year’s show. In the story, a man murders his wife while in the throes of trying to kill the family cat. The cat’s plaintive meowing eventually gives away both crimes and Poe uses the story to illustrate the idea of the unintended consequences that wait in store for even the most effective strategist.
Jumping from the 19th-century to the present-day zeitgeist of social networking, the show included a warning about the consequences of interactive web sites on corporate security. While some CIOs might look to block access to Facebook through fears of lost productivity, the real concern should really be the exposure of so-called ‘gateway data’, Herbert ‘Hugh’ Thompson, chief security strategist for People Security and professor in the Computer Science department at Columbia University in New York, told RSA delegates. Thompson defines gateway data as innocuous information that, when disclosed, can be used to access secure systems. “You might never heard of a the term ‘gateway data’ before but that’s because I totally made it up,” he said. “Basically it’s data that seems harmless but when used properly can facilitate access to highly sensitive information.”
For more go to CIO.co.uk