Re: Clarke warns educators about need for better security

[InfoSec News <isn () c4i org>]

Forwarded from: dont <dont () csds uidaho edu>

> "In three to four years, we will have a billion IP addresses," he
> said. "Do we still want to use TCI/IP? Do we still want the same
> domain naming system? Do we still want the same wireless security
> we're using today?"

Well, back when this was first done, it was actually pretty
well-funded. Research funding nowadays seems primarily tied to
products, not growth of the field.  In terms of actual knowledge of
computer security issues, we have grown little.  Not only do we fail
repeatedly to put into practice "lessons learned", but we still do not
have a good grasp of what the true defining questions are for us to
research.  No one can concur on the problem space definition, and,
worse still, the problem space changes rapidly over time.

Give academia money for basic research, and not tied to development,
and maybe we will get surprised.

> "Schools are pumping out too many students who approach security
> mechanically from an engineering perspective," said Nimal Jayaratna,

really?  where?  pumping out "too many"?  I would love to see data on
this... however, asking people to validate their claims is something
we don't do anymore.

> Some educators, such as Alexander Korzyk, assistant professor at the
> college of business and economics at the University of Idaho in
> Moscow, Idaho, questioned whether information security should remain
> in the computer science discipline at all, or be moved to areas of
> study more reflective of business risk issues.

I can go along with the cross-disciplined idea, but I am fairly
uncomfortable (ok, maybe incredibly scared) with MIS people taking
over the research in this field.

Yes, businesses should be aware of it, but honestly, I would rather
try to teach comp sci folks about business analysis than the opposite.

dont


==========================================================================
If you must choose between 2 evils, pick the one you've never tried before
==========================================================================



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.