Re: [ISN] Gates pledges better software security

From: InfoSec News (isnat_private)
Date: Sat Jan 25 2003 - 03:01:55 PST

  • Next message: InfoSec News: "[ISN] White House CyberSecurity Adviser to Resign"

    Forwarded from: Kurt Seifried <kurtat_private>
    
    This is interesting as it poses the potential to be a VERY good thing.
    But I doubt it will be a very good thing.
    
    Quick background:
    
    Kurt got a book on knowledge management (buzzword bingo score: 4
    points). One of the big themes is that complex systems need to be
    adaptive and evolve. This requires there to be some sort of learning
    mechanism(s). Most often these mechanisms must be present at multiple
    levels and can be quite different. A university for example: students
    learn, students fill out course evaluation forms, teachers research
    and publish articles, research in conducted at personal, group,
    departmental and other levels. There are processes in place to create
    new courses, and even new faculties should something new arise
    (Computer Science being a recent example). Universities are (generally
    speaking) VERY well equipped to meet the future, because they have
    sunch ingrained learning processes and the support to implement what
    is learned.
    
    Computer and Information Security, in almost all settings and
    organizations (Vendors, Users, etc.) has shown time and time again
    that these learning processes are not in place. Consequently the
    industry is in a complete shambles, with no real hope in the near
    future. Bills like this one can potentially get people to start
    implementing learning processes, i.e. establish within the company a
    group to identify IT related problems and then solve them, I'm talking
    much higher level then "viruses are a problem, let's educate users and
    do foo bar and baz to block viruses". Things like "We see security
    challenges, let's set up a forum where people can bring concerns,
    let's make a list of people internally and what their skills are so we
    can form groups of appropriately skilled people to deal with these
    concerns, let's list managers so we know who to contact with respect
    to concerns, etc, etc".
    
    ==========
    
    The funny thing is I sent the above email, exactly as is with respect
    to a completely different topic, but same issue. We have to get
    learning processes in place, and the meta processes that manage these
    learning processes.
    
    
    Kurt Seifried, kurtat_private
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 11:39:08 PST