Random Bits

Upcoming:
Co-facilitating with Aaron from PSC the "Building an Effective Security Program" breakout at the NSF Large Facilities conference. It's nice that the topic is so clearly defined and narrow (!).

At NLIT 2008, something about federated identity management - but I haven't exactly figured out what yet.

Speaking of NLIT, we have way too many things that begin with NL now, most of them unpronounceable. NLDC, NLCC, NLCIO, NLIT, NLCRO, NLCOO.. they need to take some lessons from DOD on pronounceable (and badass) acronyms.

Random Bits:
I really enjoyed the discussion here about blocking outbound SMTP. When you get halfway through the UC people really come out in force against the trend towards locking things down in a research setting. Mother May I is not a good game to play with researchers, unless you can make it extraordinarily transparent and simple.

Finally, all of our colleagues in both R&E and .gov are struggling with what to do about new rounds of highly targeted phishing. It isn't clear to me where this ends. You can train people to avoid paypal phishing, but this new stuff isn't nearly so straightforward. And as we found the last time we really stepped up awareness on this issue, making people overly fearful of email doesn't exactly do the institution any favors either. As in all things security, it's a delicate balance - but the risk is clearly shifting again.