Oregon had computers in 1859 ? Wow, I am impressed :-) But seriously, could you clarify a bit on what the consitutions really means here ? Presumably it mandates three separate branches of govt, ie executive, legislative and judicial. Those three branches need to be separate. But is there anything stopping centralization within each branch of govt ? CFR. > It might be helpful to consider that the State of Oregon is a decentralized > organization. Not all agencies even report to the Governor. No single person > can mandate security rules... by the charter established in 1859. > > James R. Wilcox, CISSP > 10433 SW 53rd Ave > Portland, Oregon 97219-5837 > 503 245-6934 > 503 799-8438 mobile > > -----Original Message----- > From: owner-crime@private [mailto:owner-crime@private]On Behalf Of > alan > Sent: Monday, September 23, 2002 2:54 PM > To: T.Kenji Sugahara > Cc: Andrew Plato; crime@private > Subject: Re: CRIME Computers vulnerable at Oregon department > > On Mon, 23 Sep 2002, T.Kenji Sugahara wrote: > > > What's needed is buy-in from the Governor on down. (e.g. a fundamental > > shift in thinking). > > > > Each agency head needs to understand the costs and benefits of > > security. They need to be advised of the cost of computer insecurity. > > The problem here is that the people assigned to these posts by the > Governor are all political appointees. > > Here is how it works: > > A new Governor gets elected. He kicks out the old heads of the > departments with his buddies who helped get him elected. Those people go > in and change everything around to "make their mark" (kind of like how > dogs mark territory) and show that they are "in charge". The people in > those agencies are already disolusioned because they have seen it happen > every time there is a regime change. Everything gets changed and nothing > gets fixed. > > > Risk management needs to be all over this issue. Identity thieves have > > already been caught with copies of DMV records on CD. What's next? > > Each breach could cost the state millions with ensuing litigation. > > > > Would people on this list be willing to put their names on a piece of > > paper that says we need to make security a priority in Oregon > > government? > > Eisier said than done. You can make all the proclimations that you want, > but you have to have the people to be able to do it. > > Last I knew the state had a hiring freeze. You have to get past that. > > The way around the hiring freeze is that they hire consultants. > Unfortunatly, who get hired is usually the contracting companies that have > connections in Salem. The one I worked for was composed mostly of old > COBOL programmers and people who could not get real work. > > Making the proclimation is one thing. Getting someone in their who can do > the job without milking the state dry is another. >
This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 11:05:48 PDT