Re: Role of Campus Police.

[Tom Bossie <tbossie () CITADEL COM>]

To me the given is vulnerability, in all its forms. Will we see "Zero
day" exploits. I'm no fear monger, but I think we will; if only because
it's there, like Everest. Someone in this string said it; "we live in
the garden of good and evil". 

There are bigger issues as hand here, with deep resonance; Privacy vs.
Security. Education cradles many of these concepts; open access, no
boundaries, no fear, even freedom itself. Institutions also house
valuable assets; identities and research that need protecting. 

Buying hardware and software safeguards, or hardening the network is
merely enacting the governance of the administration. It belongs on
table of executives because of the impact unbridled risk brings.

Let's face it, Policy and Governance across administrative, academic and
student communities is as daunting a landscape as one might construct. 

In the end we do the best we can with what we have. But, if what we have
is not enough, it becomes necessary to promote some "security
consciousness". I don't feel anyone is getting ahead of the curve. 

Thanks for this string...it's what I love about this community.  

Tom Bossie



-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Willis Marti
Sent: Tuesday, February 01, 2005 8:38 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Role of Campus Police.

> > > I really am of the opinion that if we can get to the point
> > > where everyone knows his or her role in the protection of
information,
> > > we won't have much need for security specialists.
>
> I agree with this point.  It's pretty rare that anyone has to engage a
> security consultant to lock your house at night.  Effective (read:
> sufficient for typical deterrence levels) security should become as
> intuitive and easy as possible for the average user.

Apt analogy, but I disagree with the conclusion. Locking one's house may
deter the casual thief, but does almost nothing against an intruder with
even a minimal skill set. Educating users is nice but will not be
sufficient.

If one wants to minimize the need for security specialists, one has to
eliminate (minimize) the intruders and/or harden the system. The most
intuitive action for a user is "do nothing". Most people will always
have
something to grab their attention with higher priority (for them) than
security.

Cheers,
 Willis Marti
 Associate Director for Networking
 Computing & Information Services
 Texas A&M University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.