How it works :
When we are not working for someone else we work for ourselves, under the name Cobb Associates. Chey Cobb is currently available for consulting and writing assignments. Stephen Cobb is currently with Monetate, helping evangelize the company's software.
The work of Cobb Associates focuses on maximizing the benefits of information technology to enterprises, governments, and communities through technical innovation and the reduction of IT-related risks. We publish articles, conduct seminars, address conferences, and perform a variety of consulting tasks for a wide range of clients. To learn more about the type of work done by Cobb Associates, read on...
Articles on SearchSecurity... Security blog posts... Privacy blog posts...
Our associates have been engaged by organizations such as AT&T Wireless, Sprint, Microsoft MSN, New York City, Edward Jones, Securities Industry Automation Corporation, IBM, ICSA Labs, Hoover, Conoco, Lawrence Livermore National Laboratory, VNU Business Publications, Avery Dennison, Merck Medco, the National Reconnaissance Office, and the Federal Trade Commission.
The thinking behind it:
Human beings have been living in the information age for some time, but we would be foolish to think we fully understand what that means. We know that information technology has the power to greatly accelerate the rate at which information can be gathered, processed, and disseminated; but we also know that not all the implications are good. The confidentiality, integrity, and availability of information but be protected. Privacy must be respected.
Information technology itself draws no distinction between good information and bad information; nor does it distinguish between good ends and bad. Those distinctions are left to the creators and users of the technology.
Therefore, there is an urgent and ongoing need to understand the implications of both existing and emerging technology, and not just for the enterprises that deploy it. What are the implications for personal privacy? For the economy? For the community? For the rights of intellectual property owners? For the facilitation of bad acts by bad actors?
Information security is about all of the above. It is also about the need to teach appropriate and responsible use of technology. Failure to do so has serious long-term implications for the global economy.
One of the lessons we have learned over the last twenty five years is that technology's ability to police itself is severely limited. Technology alone cannot stop people trying to abuse technology; it can only limit the extent to which they succeed. But education has the power to alter human behavior and work with technology rather than against it. The goal? Fewer people trying to abuse technology and even fewer succeeding.
The trust factor:
Trust is a vital ingredient of healthy social, economic, and political life. Without trust, growth is stunted. Information technology has the potential to both build trust and promote growth or undermine trust and weaken enterprises, societies, and economies.
Without adequate attention to trust during the design and deployment of information technology, its full potential will not be achieved. There is even the potential for information technology to do more harm than good, create more mistrust than trust, more cost than revenue, more loss than profit. We endeavor to help enterprises avoid those pitfalls and make the most out of information technology. In our opinion that is what information security is about.
Going forward by going back to basics:
At times, information security can seem like an impossible challenge. Information technology is evolving at a breath-taking pace. The sporadic outbreaks of breathless consumer media hype add to the dizziness. Reading the trade press can stun you with its seemingly endless stream of alerts, holes, attacks, exploits, threats, statistics, and misdeeds. The steady drip of privacy breaches alone could make a person despair.
However, it is important to bear in mind that there is a solid and unchanging core of logic and common sense that grounds information security and privacy protection. When you strip away the razzle and dazzle of the latest worm outbreak or spear-phishing attack you find age-old motives dressed up in new clothes. When you recognize that, you can get on with calmly creating and maintaining your defenses based on age-old principles, starting with the basics. Read more...
Stephen Cobb