Re: Opinions sought...How much information is to much to "give away"?

From: Raymond Lillard (rlillard_at_sonic.net)
Date: 06/30/05

  • Next message: migalo digalo: "Masters program for Information Security in Europe?" 
    Date: Wed, 29 Jun 2005 15:05:59 -0700
To: Kevin Kasner <tkevink@gmail.com>

    Kevin Kasner wrote:
    > My backup vendor recently interviewed me for an article because I'm
    > using their encryption package. They have sent me the article for
    > review, so I still have a chance to change how much information is
    > disclosed...
    >
    > In the course of the article, several things are revealed about my environment:
    > 1) My backup solution & what types of data are encrypted in my back
    > ups (ie: customer data, AD/LDAP info, databases, server O/S's), and
    > that I have off site storage of tapes
    > 2) My OS mix (ie: Windows, ...)
    > 3) the fact that I have "separate solutions" for firewall, IDP,
    > remote access, and network monitoring

    I would avoid ANY discussion of my face toward the Internet that
    is traceable to you or your company. No discussion of firewalls,
    intrusion detection, virus and spam filtering, VPN solutions ...
    nothing. No pictures that include your outward facing machines
    either. If they want a pix of your data center, I'm sure you can
    arrange to keep internal machines in and all others out.

    A simple sentence that you have "separate solutions" for external
    security is IMHO OK, so long as no specifics are mentioned.

    > 4) Who we are and what city we are located in.
    >
    > So...I'm looking for some honest opinions on whether I'm giving away
    > too much info.

    The vendor does need enough from you to make the article
    real, and I would feel comfortable talking about their
    product so long as it did not touch item #3 above.

    Just my opinion.

    Ray

  • Next message: migalo digalo: "Masters program for Information Security in Europe?"