On Mon, Feb 16, 2015 at 1:48 AM, Florian Bösch <pya...@gmail.com> wrote:
> On Sun, Feb 15, 2015 at 10:59 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
>> For the second point, and as a security architect, I regularly reject
>> browser-based apps that operate on medium and high value data because
>> we can't place the security controls needed to handle the data. The
>> browser based apps are fine for low value data.
> I'm not sure what "high value data" is. But I'm fairly sure that just about
> any e-banking solution in existence is browser based. So I'm guessing your
> definition of "high value data" doesn't include banking access. You work for
> the NSA? Oh snap, the high value data just walked out there on a USB stick.

Each organization classifies its own data according to its own risk posture.

High value data would include, for example, Executive Compensation,
Pending Litigation, and Mergers & Acquisitions. Heck, even some movie
studios classify movie trailers as high value until they are released
in theaters.

I don't work for the NSA, but I have done a lot of work in US Federal
and the US DoD.

I have not drank the Web 2.0 koolaide. We still need security controls
commensurate with the data sensitivity level.


Reply via email to