On Mon, 23 Sep 2002, T.Kenji Sugahara wrote: > What's needed is buy-in from the Governor on down. (e.g. a fundamental > shift in thinking). > > Each agency head needs to understand the costs and benefits of > security. They need to be advised of the cost of computer insecurity. The problem here is that the people assigned to these posts by the Governor are all political appointees. Here is how it works: A new Governor gets elected. He kicks out the old heads of the departments with his buddies who helped get him elected. Those people go in and change everything around to "make their mark" (kind of like how dogs mark territory) and show that they are "in charge". The people in those agencies are already disolusioned because they have seen it happen every time there is a regime change. Everything gets changed and nothing gets fixed. > Risk management needs to be all over this issue. Identity thieves have > already been caught with copies of DMV records on CD. What's next? > Each breach could cost the state millions with ensuing litigation. > > Would people on this list be willing to put their names on a piece of > paper that says we need to make security a priority in Oregon > government? Eisier said than done. You can make all the proclimations that you want, but you have to have the people to be able to do it. Last I knew the state had a hiring freeze. You have to get past that. The way around the hiring freeze is that they hire consultants. Unfortunatly, who get hired is usually the contracting companies that have connections in Salem. The one I worked for was composed mostly of old COBOL programmers and people who could not get real work. Making the proclimation is one thing. Getting someone in their who can do the job without milking the state dry is another.
This archive was generated by hypermail 2b30 : Mon Sep 23 2002 - 23:54:16 PDT