Dave's Bit Bucket

Dave Walker's jottings - mostly pertaining to security

All | Cooking | General | Java | Networking | Security

« Previous day (Mar 26, 2007) | Main | Next day (Mar 27, 2007) »
20070327 Tuesday March 27, 2007

A disclosure state machine for Robin

Robin Wilton blogged recently on "breach notification, UK style", and was scratching his head regarding how to determine the source of a leak if you have to make multiple disclosures.

I think I have an answer, although it involves a lot more housekeeping and records management on the part of the person managing the disclosure. In short:

  • Start with your database, containing some bogus records.
  • When a disclosure demand comes in, change sensibly-changeable elements of all the bogus records and archive the details of what the new bogus records are and who the disclosure is being made to.
  • Take your database snapshot.
  • Change your bogus records back to what they were (ie your "internal bogus" set).
  • Protect and ship your snapshot as required.
  • Iterate for each disclosure, making sure that a bogus profile is never wholly replicated across disclosures
...thus, if you see a bogus record out in the world, you'll not only have an excellent chance of knowing which copy of your data was mishandled and who you had sent it to, but if you have some contractual obligation which (say) requires you to make an annual disclosure to some body, you'll be able to tell which vintage of disclosure was mishandled (which may well be useful in the forensic process).

As Robin adds, "There's also a very predictable short-term consequence, which is that if you include the bogus records, you'll get a deluge of fraud allegations from the Audit Commisson because you appear to have a load of non-existent people on your payroll - with bank details and everything."

As usual, he's quite right. I suspect that persuading the Audit Commission to accept and approve the concept of bogus records would be "difficult" to say the least, but things may well have to go that way. Maybe a better way to do "Full Disclosure" to the Audit Commission in particular when they decide to land on you, would be to send a separate and differently-protected disclosure to them, saying "and these are the bogus records in the main disclosure we just sent you"?

Robin thinks that this is very much "swings and roundabouts" - I'm more inclined to see it as "turtles all the way down" :-).

(2007-03-27 03:05:32.0) Permalink Comments [0]

Calendar

« March 2007 »
MonTueWedThuFriSatSun
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
       
Today

RSS Feeds

XML
All
/Cooking
/General
/Java
/Networking
/Security

Search

Links

Innovate on OpenSolaris

  Read via bloglines :
British Blog Directory.


Navigation


blogs.sun.com
Weblog
Login


Referers

Today's Page Hits: 16