Firewall Wizards mailing list archives

RE: The Future of Security


From: "Scott, Richard" <Richard.Scott () bestbuy com>
Date: Fri, 3 Dec 1999 06:57:03 -0600


        --  Gary wrote:
        >..<snip>...
        >Now before anyone lights the flame throwers, I think it fair to say that
        >there has been a lot of poor quality work done in the past, and the
        >complaints come from everywhere you look.  It is not focused on one
        >industry segment, or about one firm doing the dirty deed etc.  The
        >problem is that when mediocre work is performed at the Fortune 500
        >level, the trickle down effect is that we all get a black eye.  So that
        >is why I think that the market will force so-called experts to do a
        >better job.
        >...<snip>...

          I'm interested here about where you say "complaints come from
        everywhere you look."
          From "inside" (e.g.: this mailing list, the Usenix Security
        conference, etc. - where the techies are found) - the perspective is
        that the "poor quality" comes from things like the InfoSec division of
        a brand name big accounting firm sending out an intern with a laptop
        loaded with ISS (or some other security scanner) to do an audit of a
        client.  The network and system administrators at the client see this
        and are chuckling over their coffee or Mt. Dews about the yoo-yoo sent
        out to do the audit.
        This is the *stereotype* of poor quality from the techie viewpoint.
          Do you think management - whose eyes glaze over when the techies
        walk into the room - also thinks there is rampant poor quality in the
        Computer Security racket?  What drives their perceptions?

          Yours in asking for hundreds of dollars per hour without blinking,

          - Randy
         -

        I would like to add to this thread.  I think companies budget for
what they know, and many huge companies do in fact ignore security.  After
all, why not?  A web defacement here, and a defacement there; after a few
days the site is back up.  Since e-commerce is in such infancy in terms of
market development and revenue, senior management will not consider it a
money decider.  Now if we switched the roles, making e-commerce a huge
market where the annual turnover is billions and billions of pounds, an
outage of a day due to a web defacement may turn heads.  Lost revenues, loss
in consumer confidence and more.  What I would like to see is a report on
current web defacements, their impact on the sites' customers, whether they
refuse to go to the site again because it was insecure, or whether they use
the site again, believing that the site is now secure.  Also how much
revenue was lost, or more so, how much of a market share did a site lose
from the outage.  Did customer information get downloaded, what did the
clients think?

        Does anyone have any statistics on this?







Richard Scott   
BestBuy.Com
* Tel: 001-(612)-995-5432
* Fax: 001-(612)-947-2005
* Best Buy World Headquarters
7075 Flying Cloud Drive
Eden Prairie, MN 55344 USA

The views expressed in this email do not represent Best Buy
or any of its subsidiaries.


