I normally blog about data security issues – I specialize in helping medical device manufacturers secure their software, protect their patient data and comply with regulations like HIPAA.

However – the recent terror flotilla to Israel, the double moral standard of the UN Human Rights Council condemning Israel 25 times in the past 3 years without condemning once human rights violations in Iran and Darfur – makes one pause to think.

In Israel there is a general feeling that Israelis are to blame for the world hating Israelis.

There are at least six versions to this way of thinking – first is anti-semitism (people hate Israelis because they are Jewish), a second version is that extreme left university professors have provided the political rhetoric and ammunition for our enemies,  a third version is that our political leaders are weak and or corrupt (Bibi and Barak),  a fourth version is that the occupation has corrupted Israeli morals, making Israelis despicable in the eyes of the world, a fifth version is that if we would only get our public relations sorted out and speak with a British accent – then the world would accept Jewish presence and a sixth version says that the Palestinians, Iranians and Syrians really want peace – and that if Israel would only stop the occupation and down-size, then we would have peace and the world would accept the Jewish nation – once it had been reduced to an acceptably small, bite-sized portion.

I believe that all versions rest on one question which has not been fundamentally tested – which is what do our neighbors really want?

Deborah Fink from the organisation Jews for Boycotting Israeli Goods (J-BIG), said it was “disgusting” that so many children were present to support the Israeli state.

They’ve been brainwashed. We wouldn’t bring loads of children out to things like this. They go to schools where they’re brainwashed with Israeli propaganda.

Ms Fink is one of many British Jews who campaign for an end to the occupation of Gaza and the West Bank.

Apparently Ms. Fink is mind-controlled by Palestinian propaganda and has conveniently forgot that Israel does not occupy Gaza, having left that area almost 5 years ago. Read more at BBC News – Gaza Crisis. I recommend that Ms. Fink read about the unilateral disengagement from Gaza in August 2005.

Unfortunately, we – Israelis are mind-controlled as well and have forgotten our primary mission – which is the development of the state of Israel – not down-sizing, not outsourcing nor appeasing terrorists.

There is I believe, a fundamental misunderstanding of what makes terrorists tick.

In order to test the assumption behind the various Middle East peace plans of the past 30 years – it is important to test an important hypothesis – “Israel’s neighbors want peace”.

Let’s conduct  a “gedanken experiment”  using 2 assumptions, which I believe are accepted by most politicians today – and consistent with US, Russian and European foreign policy:

Since there is wide agreement in Israel, the US, Europe and Muslim countries, that Israel holds the keys to regional peace – then it becomes a question of price – how much are the other parties (Syria, Palestine, Iran, Turkey …) willing to pay to acquire that product – i.e. peace.

The price might be – how much land Syria is willing to give us in return for peace or how much water Turkey is willing to give us in exchange or how much land Palestine is willing to pay in return for peace or how badly Iran wants Israeli  technology for clean power generation.

Once we have agreed on the price – it’s just a question of agreeing terms of payment and issuing the PO.

If the thought experiment is correct then, the current Israeli strategy of paying the buyer to take our product seems ludicrous.

If the thought experiment is incorrect – then one or more of our assumptions must be false – either our neighbors don’t want peace, peace is not a valuable commodity or – Israel doesn’t hold the keys to acquiring peace in the Middle East.

Reading past the political vitriol of Iran and Abu Maazen,  it’s therefore important to examine our assumptions, starting with the question – “What do terrorists really want?”  and understand why Israel is losing the war against terror.

Does this look simple to you?

I think it’s time to get back to security basics after reading the news this morning.

Yesterday, there was a  run of high profile data security events: the  Mozilla store data breach, the  DDOS attack on Twitter and Web defacing  by a Palestinian cyber-terror group on leftist Israeli Kadima party (second time in the past 18 month – this seems like biting the hand that feeds you, considering the Kadima record in attempting to attain peace with appeasement and corruption).

So – let’s get back to basics.

Here is a security policy with  6 basic security countermeasures for effective enterprise information protection and data loss prevention.

1. Change default passwords that come with applications. Change those admin/admin username/passwords and change default Oracle passwords.
2. Forbid shared username/passwords for systems with sensitive data
3. Review user account privileges once / quarter.  You may be surprised that a one-time privilege granted to a user is still there. In a large company – this should be done by a supervisor. Doing this will raise awareness and place more responsibility on employees and line managers.
4. Identify critical systems and perform a software security assessment.  In our data security practice in Israel and Central Europe, we have discovered that over 50 percent of data breaches were related to software bugs.  Use the 7 step Business Threat Modeling methodology to do the software security assessment
5. Patch to operating system vendor requirements. In Windows, Ubuntu and Red Hat Linux it’s automated and work that can be scheduled.
6. Monitor for data security events on the network using the Fidelis Security XPS system (which can monitor and prevent data loss events bi-directionally inside the network or at the perimeter) or with Verdasys Digital Guardian agents at the point of use.

Free online workshops in information security Join us for an exciting series of 6 free online workshops on data security best practices at work, at home and for SMEs – Register for the workshops now! Preventing intellectual property abuse Protecting information at pharmaceutical firms What is the right way to protect intellectual property from theft and abuse? Start by testing two hypotheses – 1) that information leakage is currently happening and 2) that a cost-effective risk mitigation plan can be defined and implemented. Read more Preventing intellectual property abuse Professional services Data loss prevention solutions For creative, effective and out-of-the-box data security solutions contact us. Ten reasons you should work with us What risks really count for your business? Use the 7 step Business Threat Modeling methodology to diagnose and quantify threats to customer data, strategic plans, marketing and pricing data. Business threat modeling information assurance Your employees send confidential documents to Gmail, but how do you quantify and mitigate the risk? The Great Financial Crisis is a new spin for security vendor PR people, but in our experience most firms don’t know what data is leaving the company. Your first step to being more robust to an unexpected, high-impact data breach isdata discovery and business threat modeling. Contact us today and learn more. Free download Business threat modeling Business management Preparing for a disaster Be prepared with a good disaster recovery plan. The DRP is designed to assist companies in responding quickly and effectively to a natural disaster or terror event and restore business as quickly as possible. Read more Preparing a disaster recovery plan. Security management If you know what your assets are worth, it’s easy to ask for, and get a discount Data security is often brushed aside due to budget limitations disregarding the value of company data assets. Take a clear position on which data assets are important and how much they’re worth to the company Read more Ten steps to protecting customer data and intellectual property. Software development risk 10 Top Mistakes of Embedded Linux Users Picking a large foreign company for support is not the best way to go for various reasons and for smaller embedded systems, Intel isn’t necessarily the best choice. Read more The 10 Top Mistakes of Embedded Linux Users make. Risk assessment IT Risk Assessment is dead Does your IT security look like TIA – a lot of senseless shooting? Risk assessment, as currently practiced in IT security, is dead, but if we take a brick and mortar approach – we can improve security at reduced costs. Read more The death of risk assessment. Join the Software Associates network today : : Contact us Subscribe to our RSS Feed Free risk assessment software

Hellman proposes that we need a  third state scenario (instead current state – > nuclear war) where the risk of nuclear holocaust has been reduced by several orders of magnitude from today to an acceptable level.

This makes sense and it’s an intriguing idea as an exercise in risk analysis of information security and data protection to see if there is a third state of reduced risk that where the risk of data breach and major data loss events is reduced to acceptable levels.

That’s one thing that got me thinking.

The second thing is the quote from Fyodr Burlatsky, one of Khrushchev’s speechwriters and close advisors, as well as a man who was in the forefront of the Soviet reform movement:

In Krushchev’s eyes [America insisting on getting its way on certain issues] was not only an example of Americans’ traditional strong arm policy, but also an underestimation of Soviet might. … Khrushchev was infuriated by the Americans’ … continuing to behave as if the Soviet Union was still trailing far behind.

So here we are – 2009 and President Obama is insisting on getting his way on certain issues with the  Iranians, who pose a serious nuclear threat to the world.  But no only Ahmadenijad – the Russians and the North Koreans are also  infuriated by the Americans’ … continuing to behave as if they are still trailing far behind.

Do definitions matter?

The PCI DSS 1.2 standard confusingly labels anti-virus “threat management” and security folks often confuse a vulnerability (a state of weakness of an asset) with a threat (something or someone that exploits the vulnerability to cause damage to the asset). I guess it’s ok – after all, information security is not life and death like the war against Palestinian terror.

The US State Department appears to be confused – are we fighting “militants” or “terrorists”?

Here’s what I mean.

The American Embassy in Tel Aviv came out with a travel warning for US Citizens in Israel December 30, 2008:

U.S. Government Employee Travel Restrictions Due to IDF’s Gaza Operation and Longer Range-Rocket Attacks against Israel by Militants and Terrorist Organizations in Gaza

A common definition of terrorists are people who attack civilians.   It seems that makes all of the Palestinian organizations terrorists ne’st-ce pas? Here’s the full announcement: