RE: CRIME Computers vulnerable at Oregon department

From: Andrew Plato (aplato@private)
Date: Tue Sep 24 2002 - 13:36:54 PDT

Next message: Andrew Plato: "RE: CRIME Computers vulnerable at Oregon department"

Previous message: T. Kenji Sugahara: "Re: CRIME Computers vulnerable at Oregon department"
Maybe in reply to: brvarin@private: "CRIME Computers vulnerable at Oregon department"
Next in thread: Andrew Plato: "RE: CRIME Computers vulnerable at Oregon department"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

List! Heck, I'd give them a discount on my service and donate my time
if it would help make things better. The problem is, as you pointed 
out, the intense political aspect of these agencies. Its very hard 
to get things moving. And all the various turf-lords fear that any 
form of security will usurp their power and authority. And the holy 
wars. Oh God, I've sat in some meetings where people were literally 
foaming at the mouth over their various sacred cows of technology. 
There is so much intolerance and grandstanding among some technical
 people that getting them to start thinking securely and practically 
is like trying to move Jupiter into a different orbit.  

That coupled with the fact that it takes them an eternity to get 
funding for these things. And there are usually 98 rounds of analysis 
and review that quickly saps the patience of the really sharp people. 

The key really is to set some PRACTICAL standards, audit them regularly,
and force people into compliance. The only way to do this is a 
top-down buy in  from the governor, legislature, and the various 
turf-lords. Which means somebody has to tell these people - now 
is the time. 

Maybe the Oregon security community needs to draft some kind of 
letter that says "Security is important. Do it!" Send it to the 
governor, legislature, etc. and see if that fires them into action. 

------------------------------------
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation

(503) 644-5656 office
(503) 201-0821 cell
http://www.anitian.com
------------------------------------


> -----Original Message-----
> From: T. Kenji Sugahara [mailto:sugahara@private]
> Sent: Monday, September 23, 2002 11:00 PM
> To: alan
> Cc: Andrew Plato; crime@private
> Subject: Re: CRIME Computers vulnerable at Oregon department
> 
> 
> What's needed is buy-in from the Governor on down.  (e.g. a 
> fundamental 
> shift in thinking).
> 
> Each agency head needs to understand the costs and benefits of 
> security.  They need to be advised of the cost of computer insecurity.
> 
> Risk management needs to be all over this issue.  Identity 
> thieves have 
> already been caught with copies of DMV records on CD.  What's next?  
> Each breach could cost the state millions with ensuing litigation.
> 
> Would people on this list be willing to put their names on a piece of 
> paper that says we need to make security a priority in Oregon 
> government?
> 
> 
> 
> 
> 
>

Next message: Andrew Plato: "RE: CRIME Computers vulnerable at Oregon department"
Previous message: T. Kenji Sugahara: "Re: CRIME Computers vulnerable at Oregon department"
Maybe in reply to: brvarin@private: "CRIME Computers vulnerable at Oregon department"
Next in thread: Andrew Plato: "RE: CRIME Computers vulnerable at Oregon department"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 14:24:35 PDT