I am extremely happy to share with you  that my ChangeThis manifesto proposal has been accepted.  The topic is "Simplified Security: 25 tips for a company to implement security." My intent of writing this manifesto is help to company of any size to implement information security in a simplified fashion. On one extreme, there are big companies who spend a lot on information security and don't get much out of it and on the other extreme there are small companies who think they cannot afford information security.  I want to reach out to both the extremes and advise them that by using simplified security methodology they can implement security in a prudent budget and not lured to needless spending, driven by buzzword driven marketing of security vendors. 

Please encourage me to write this manifesto by voting for my proposal at:

http://www.changethis.com/proposals/524

Your votes really count and will be a motivating factor for me to excel in writing this manifesto.

Last Thursday, I met with my past manager over lunch. We were talking about our good old experience at Excite@home. Here are some things that we wondered together about security:

Gone are those days, when we thought perimeter security was just a router access list.

Gone are those days, when we did not have anti-virus on our desktop and were not worried about the infection.

Gone are those days, when password expiry meant strong authentication.

Gone are those days, when you could telnet across systems and never worry about cleartext transmission.

Gone are those days, when you received couple of spams in few days.

Gone are those days, when there was no information security team even in companies of few thousand employees.

Gone are those days, when security was just an option not law.

Gone are those good old carefree days!