White House To Unveil New Plan for U.S. Computer Security [SecurityFocus] [dws.]
There's been a lot of press about the role Microsoft's responsibilities should play in the White House big picture as opposed to the role it really is playing. Wasn't there a former Microsoft Security Expert who got hired to become a White House Security Expert? I have to be careful with my big mouth here, since I consider some other places much more appropriate sources of talent for our Government.
Top Story in this week's http://www.eweek.com/ is what should be a copy of the President's Plan for Cyber Security and the notion that they now will seek public support for the plan, and also possibly get second opinions from other people in the know, before the President signs it.
Top Story in this week's e week Security pages is a progress report on how various industries are doing moving towards better computer security, such as mass transit, power plants, communications, etc. followed by a survey of computer security professionals.
The results imply that almost half of the nation's infrastructure has done nothing different about computer security since 9/11/2001, and that this constitutes criminal negligence. Now I think that some enterprises were probably doing proper security before 9/11/2001 and did not need to do anything other than a review. One person was quoted as saying that proper security requires incremental gains in Security each year. I think it is better to get your security as good as you can get it, and keep it that way, except when the security risks are so bad that installing patches to fix patches to fix patches to fix patches to fix ... means that you can get nothing else done with your time, so what you should be doing is learning a different Operating System that does not need that behavior, assuming that other Operating System is not going to be declared illegal by pending legislation.
For my past Weblog posts on computer security topics see
- Sep 16 on Y2K of copying;
- Aug 29 on diagnosing hoax and computer security myths vs. serious downage;
- and Aug 15 on how Computer Security does not have to be rocket science.
11:22:09 PM 
|
