[ISN] Letter to the editor - Token effort on IT security

From: InfoSec News (isnat_private)
Date: Tue Apr 16 2002 - 00:34:24 PDT

    http://www.fcw.com/fcw/articles/2002/0415/web-letter-04-15-02.asp
    
    April 15, 2002
    
    Why is information technology security a problem? Nothing gets
    management's attention unless it is bleeding or causing adverse
    publicity. Therefore, IT security will get no attention unless it is
    causing mission problems or getting bad publicity. Management will not
    give resources to anything that doesn't "squeak" louder than other
    issues.
    
    No agency is doing a decent job of training personnel in IT security
    issues. High cost; therefore, only token effort.
    
    Note: The Computer Security Act has been in effect for 15 years, but
    to this day, most agencies have (at best) implemented only small
    pieces of the requirements of this act. Life cycle management — truly
    integrating IT security into the whole process — isn't happening.
    
    Congress does a great job of mandating certain actions or activities,
    then providing zero resources to the agencies to actually implement
    the activities. If the Hill truly wants something done, they must be
    prepared to fund it. They can always find resources for some pork
    project that only benefits a few representatives or senators.
    
    Very few agencies have a comprehensive IT security policies and
    procedures document. Fewer still have actually communicated that
    document to the offices that must implement it. Fewer still provide
    the authority to the IT security manager to enforce the
    implementation.
    
    So, why do we have problems with IT security??? Sigh!
    
    Too many managers think that IT security is firewalls or
    intrusion-detection systems. It isn't. There are several others that
    are important, but you get the idea.
    
    Name withheld by request
    
    
    
    


