Decius wrote: ] w1ld wrote: ] ] ] ] An internal draft of the administration's upcoming plan ] ] ] to improve cybersecurity also no longer includes a number ] ] ] of voluntary proposals for America's corporations to ] ] ] improve security, focusing instead on suggestions for ] ] ] U.S. government agencies, such as a broad new study ] ] ] assessing risks. ] ] ] ] ] ] "Governments can lead by example in cyberspace security," ] ] ] the draft said." ] ] ] ] Would love to hear what you have to say about that last ] quote. ] ] :) ] Having said that, no, I don't think the government can "lead ] by example." There are plenty of "examples" of the right ] things to do out there. The problem is not lack of good ] examples. The problem is that people just don't understand ] that this is important, and if so, how. People would rather be ] vulnerable then take on the expense associated with security. ] This creates national security problems, and network abuse ] problems. If you want to address those problems you have to ] teach people to care. You have to teach them that running a ] secure website is like always washing your hands. Its not just ] about security from things you can see. Its about not being a ] carrier for things you can't see. I have something interesting to add. I had breakfast the other day with someone who is intimately involved in the security business. Not just tech security, but the whole spook ball of wax. Surveillance, background databases, building security, process, screening, encryption, the whole nine yards - for the biggest security company in the world. Anyways, this person said that after 9/11 everyone and their brother had REPORTS done to identify weaknesses. The consulting business was aglow and still is with surveys. But no one has DONE ANYTHING about fixing those weaknesses. The reason? Cost. In 99 out of a 100 cases, the cost of FIXING the weakness was less than the cost of an exploit. This was the case for everything. From hacked servers to bombs in the parking garage. From hiring of potential corporate espionage risks to making sure the disgruntled employee doesn't come back and blow your head off. Most companies felt that they'd rather take their chances than spend the money to prevent further security breaches. RE: A Pared-Back Security Initiative |