Re: future of cybersecurity in Higher Ed

[Valdis Kletnieks <Valdis.Kletnieks () VT EDU>]

On Sun, 01 Oct 2006 22:18:43 CDT, Bret R Blackman said:

> What do you see as strategic issues and serious threats in regards to
> cybersecurity for Higher Education over the next 2 years?

1) Users running operating systems and applications that they are not
trained to run/administer in a secure manner. (And yes, you *can* admin
an OSX or Linux box poorly - it's becoming more common).

2) Vendors and pundits that sell you stuff with security holes.  Note that
"stuff" includes both actual software/hardware, and "methodology" - how many
times have you seen a web server get pwned because somebody got convinced that
LAMP was easy, and as a result, the M and P parts got exploited with an SQL
injection?

3) Upper management that has to balance cybersecurity against all the other
(almost always legitimate) requirements for budget and resources.

If you want a list from me in 2008, just re-run this one.  It's been basically
the same for the 2 decades I've been doing this stuff...

(I've always had a moving target for *tactical* issues - specific "No Good Can
Come From This" issues like "ActiveX", "Javascript", or whatever the looming
threat in the trenches has been - the *strategic* things that the CIO has to
worry about have remained amazingly the same for years....)

Attachment: _bin
Description: