Who watches the watch persons?
Now that I’m working more closely with our newly hired Risk Officer, I finally got the feeling: who is watching me? He is, as I watch everyone in our organization. Perfectly fine. It did shift my thinking a bit.
Today news came out that MSFT’s Security team is releasing a feed, called the Cyber Threat Intelligence Program (C-TIP), from their globally distributed network of anti-malware sensors, meaning every single computer running Windows, for access by governments and ISPs to assist with isolation and early detection of cyber war. Updates will be sent across the feed every thirty seconds. I am curious why they don’t release this feed data publicly. I’d sure like to have access to it for our IDS.
Additionally, yesterday, I implemented a PKI for use internally in our organization and quickly realized that by default the Chrome browser does not check CRLs, nor is it a static requirement of IE. After coming across a great document on distributing Chrome settings via GPO by the NSA, I was a little more calm. While researching the issue, I came across CRLset, a “Google system” that crawls the web for CRLs, parses then combines them, and distributes the package to Chrome browsers via an update.
Both of these are examples of large companies taking responsibilities away from end users in order to better protect them. The only problem is, are there real gains or losses in protection? Privacy?
So I ask, who watches the watch persons?