Personnel Shortage Hindering Net Security

[InfoSec News <isn () c4i org>]

http://www.eweek.com/article/0,3658,s=720&a=23973,00.asp

March 13, 2002 
By  Dennis Fisher 

ARLINGTON, Va. - A critical shortage of experienced security personnel
- and not a lack of technological advancement - is hindering the
effort to secure the nation's public and private networks, government
officials and security experts said Tuesday.

Speaking to a room full of security officers, CIOs and CTOs at the
Defending Against Information Warfare Conference here, a succession of
high-profile experts said that technology alone is not enough to solve
the endemic security problems in the Internet and corporate networks.

"I'd like to emphasize the importance of people and processes and not
just technology in this equation," said Robert Gerber, chief of the
analysis and warning section of the National Infrastructure Protection
Council. "The threat has never been greater and the pace at which new
technology comes into the networks makes it difficult to keep pace."

Gerber spoke on a panel that also included Michael Jacobs, information
assurance director of the National Security Agency; Jacques Gansler,
professor at the Center for Public Policy and Private Enterprise at
the University of Maryland; and Jeffrey Hunker, dean of the Heinz
School of Public Policy at Carnegie Mellon University.

Jacobs echoed Gerber's sentiments, saying that the technological
advancements of the past decade have led to a kind of gold-rush
mentality among IT managers and CIOs, who often believe that more
hardware and software is the answer to every problem.

"IT spending often runs counter to good security, which lives best in
a stable environment," said Jacobs, a veteran of nearly 40 years at
the NSA, based in Ft. Meade, Md. "The technology isn't the issue. We
have converged on a desired end-state, but are conflicted with a lot
of impediments to getting to that end-state."

The panel discussion followed a presentation by Howard Schmidt, vice
chairman of the President's National Infrastructure Protection Board,
who stressed the need for more college- and graduate-level education
in information security.

"There are still just not enough people with expertise in these
areas," said Schmidt.
 

[Recommended link: http://www.intelligencecareers.com   - WK]

 


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.