Information Security News mailing list archives
Letter to the editor - Token effort on IT security
From: InfoSec News <isn () c4i org>
Date: Tue, 16 Apr 2002 02:34:24 -0500 (CDT)
http://www.fcw.com/fcw/articles/2002/0415/web-letter-04-15-02.asp April 15, 2002 Why is information technology security a problem? Nothing gets management's attention unless it is bleeding or causing adverse publicity. Therefore, IT security will get no attention unless it is causing mission problems or getting bad publicity. Management will not give resources to anything that doesn't "squeak" louder than other issues. No agency is doing a decent job of training personnel in IT security issues. High cost; therefore, only token effort. Note: The Computer Security Act has been in effect for 15 years, but to this day, most agencies have (at best) implemented only small pieces of the requirements of this act. Life cycle management truly integrating IT security into the whole process isn't happening. Congress does a great job of mandating certain actions or activities, then providing zero resources to the agencies to actually implement the activities. If the Hill truly wants something done, they must be prepared to fund them. They can always find resources for some pork project that only benefits a few representatives or senators. Very few agencies have a comprehensive IT security policies and procedures document. Fewer still have actually communicated that document to the offices that must implement it. Fewer still provide the authority to the IT security manager to enforce the implementation. So, why do we have problems with IT security??? Sigh! Too many managers think that IT security is firewalls or intrusion-detection systems. It isn't. There are several others that are important, but you get the idea. Name withheld by request - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Letter to the editor - Token effort on IT security InfoSec News (Apr 16)
- <Possible follow-ups>
- RE: Letter to the editor - Token effort on IT security InfoSec News (Apr 17)
- Re: Letter to the editor - Token effort on IT security InfoSec News (Apr 17)
- RE: Letter to the editor - Token effort on IT security InfoSec News (Apr 18)