Re: [ISN] Clarke warns educators about need for better security

From: InfoSec News (isnat_private)
Date: Thu Jun 06 2002 - 20:13:16 PDT

  • Next message: InfoSec News: "[ISN] Hacking puts 4,500 students grades in doubt at Western High"

    Forwarded from: dont <dontat_private>
    > "In three to four years, we will have a billion IP addresses," he
    > said. "Do we still want to use TCI/IP? Do we still want the same
    > domain naming system? Do we still want the same wireless security
    > we're using today?"
    Well, back when this was first done, it was actually pretty
    well-funded. Research funding nowadays seems primarily tied to
    products, not growth of the field.  In terms of actual knowledge of
    computer security issues, we have grown little.  Not only do we fail
    repeatedly to put into practice "lessons learned", but we still do not
    have a good grasp of what the true defining questions are for us to
    research.  No one can concur on the problem space definition, and,
    worse still, the problem space changes rapidly over time.
    Give academia money for basic research, and not tied to development,
    and maybe we will get surprised.
    > "Schools are pumping out too many students who approach security
    > mechanically from an engineering perspective," said Nimal Jayaratna,
    really?  where?  pumping out "too many"?  I would love to see data on
    this... however, asking people to validate their claims is something
    we don't do anymore.
    > Some educators, such as Alexander Korzyk, assistant professor at the
    > college of business and economics at the University of Idaho in
    > Moscow, Idaho, questioned whether information security should remain
    > in the computer science discipline at all, or be moved to areas of
    > study more reflective of business risk issues.
    I can go along with the cross-disciplined idea, but I am fairly
    uncomfortable (ok, maybe incredibly scared) with MIS people taking
    over the research in this field.
    Yes, businesses should be aware of it, but honestly, I would rather
    try to teach comp sci folks about business analysis than the opposite.
    If you must choose between 2 evils, pick the one you've never tried before
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Jun 06 2002 - 23:03:12 PDT