Security Basics mailing list archives
RE: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."
From: "Conlan Adams" <conlan () midwesteyebanks org>
Date: Thu, 11 May 2006 08:28:18 -0400
You know, it's really easy to blame the issues of computer security on the information security professionals. In reality though, it's much more often an issue of the users of the technology themselves. Then you get to the much larger question, of whose job is it to train the users?

Computers aren't simple appliances, they aren't a toaster where you push the button and it makes toast. Even when they can be that simple, you always have someone sticking their fingers inside, or prying with a knife and getting shocked or burned.

To drive a car, in my state at least, you need to log hundreds of hours behind the wheel practicing with a licensed individual, go to a certified training course, and pass tests that say you're safe to use it. Should we do this for computers? Moreover, just as Drivers Education doesn't include things like how to change or check your brakes, it does encourage regular professional maintenance. Should we tell users to bring computers in for their three month checkups for patches, and general maintenance? Would they be willing to do it, and pay for it?

I do notice that they point the finger at IT professionals all over the place, and in some cases it's warranted, but they fail to give any solutions. It's a case of here's the problem and why it's your fault.

By no means am I saying that we as security professionals don't have our share of blame in this issue, but I don't feel it's "our" issue alone.

-----Original Message-----
From: Sadler, Connie [mailto:Connie_Sadler () brown edu]
Sent: Wednesday, May 10, 2006 1:01 PM
To: email () securityabsurdity com; security-basics () securityfocus com
Subject: RE: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."

I think there is a *lot* more to this, but don't have the time to fully respond. Good things to think about - yes! But InfoSec has never had the authority to do what's best. Ideas are floated and quickly rejected, and the "balance" we all try to provide is as much as many of us can "push" out against a very resistant culture.

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Office: 401-863-7266

-----Original Message-----
From: email () securityabsurdity com [mailto:email () securityabsurdity com]
Sent: Wednesday, May 10, 2006 12:54 AM
To: security-basics () securityfocus com
Subject: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."

Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security.

A long-overdue wake up call for the information security community.

Article: http://www.securityabsurdity.com/failure.php