This paper analyzes several recent breaches of major players in the security industry, in particular security products vendors and Certificate Authorities (CAs). Distinct patterns and relationships have emerged that have allowed the prediction of the next set of potential targets. Without the implementation of stringent compliance standards for CAs one can expect that governments will intervene with the only outcome being a global impact to the freedom of trade.
A dichotomy exists between information and data - and the way that information and data are discussed, stored, protected, and used. Any number of people reading this might identify themselves as working with “Information Systems” in the field of “Information Technology,” and some of them work with “Information Security.” Sometimes they attend meetings and talk about “Information” and “Information Sharing.” But most often they are talking about “data” - data flows, data stores, data shares, data systems, data access, data security, and so on.
There is no need for a primer on the difference between data and information.