Secure Coding mailing list archives
Re: The problem is that user management doesn't demand security
From: Julie Ryan <jjchryan () gwu edu>
Date: Fri, 12 Dec 2003 00:29:10 +0000
When discussing the responsibility of corporate governance in assessing risk, understanding security requirements, and defining policy, let's not forget the following circumstances: A) the vast majority of companies in the US are small. From the SBA website (www.sba.gov) come the following stats: "Small firms 1. Represent more than 99.7 percent of all employers. 2. Employ more than half of all private sector employees 3. Pay 44.5 percent of total U.S. private payroll. 4. Generate 60 to 80 percent of net new jobs annually. 5. Create more than 50 percent of nonfarm private gross domestic product (GDP). 6. Supplied 22.8 percent of the total value of federal prime contracts (about $50 billion) in FY 2001. 7. Produce 13 to 14 times more patents per employee than large patenting firms. These patents are twice as likely as large firm patents to be among the one percent most cited. 8. Are employers of 39 percent of high tech workers (such as scientists, engineers, and computer workers ) . 9. Are 53 percent home-based and 3 percent franchises." (http://app1.sba.gov/faqs/faqIndexAll.cfm?areaid=24) B) small businesses are not heavy users (or understanders) of security concepts. See Information Security Practices and Experiences in Small Businesses, posted online at http://www.pirp.harvard.edu/pubs/pdf-blurb.asp?id=493 C) small businesses grow up to sometimes take over the world..... typically with the same attitudes towards security that they started with. Julie J.C.H. Ryan, D.Sc. Assistant Professor Department of Engineering Management and System Engineering School of Engineering and Applied Science The George Washington University http://www.seas.gwu.edu/~jjchryan/
Current thread:
- The problem is that user management doesn't demand security, (continued)
- The problem is that user management doesn't demand security David A. Wheeler (Dec 08)
- Re: The problem is that user management doesn't demand security Dana Epp (Dec 08)
- Re: The problem is that user management doesn't demand security Jared W. Robinson (Dec 09)
- Re: The problem is that user management doesn't demand security Erik van Konijnenburg (Dec 08)
- Re: The problem is that user management doesn't demand security Kenneth R. van Wyk (Dec 09)
- Re: The problem is that user management doesn't demand security George Capehart (Dec 09)
- Re: The problem is that user management doesn't demand security Stephen Galliver (Dec 09)
- Re: The problem is that user management doesn't demand security Andreas Saurwein (Dec 10)
- Re: The problem is that user management doesn't demand security Michael Cassidy (Dec 10)
- The problem is that user management doesn't demand security David A. Wheeler (Dec 08)
- Re: The problem is that user management doesn't demand security George W. Capehart (Dec 10)
- Re: The problem is that user management doesn't demand security Julie Ryan (Dec 11)