Scaled Back Cybersecuruty

• Previous message (by thread): Scaled Back Cybersecuruty
• Next message (by thread): Scaled Back Cybersecuruty
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 14 Jan 2003 sgorman1 at gmu.edu wrote:

:That is the rub.  Kind of like targeting treatment for AIDS to those
:with the most sexual partners - it helps solves the problem but is it
:worth rewarding irresponsible behaviour.  

I don't think its fair or sensible to evaluate the outcome of a 
distribution scheme by the kind of message it allegedly sends, 
mostly because there is no mechanism within the scheme to satisfy
the evaluation criteria. 

That is, the scheme has no way of deciding what is "responsible" 
or not, so it shouldn't be evaluated on that basis. 

It would be nice to raise-all-boats as the saying goes, but without
the basic state of the network being secure (thanks to vendor 
default secure configurations), it's not going work. 

:Is the government willing to provide enough incentive to change the
:market place?  If RFP's alone can't do it what else could be tried?

Security considerations have to be built into every process. The RFP 
process is a good start. Another would be the sales engagement 
processes, design considerations etc. 

It is an education issue. 



-- 
batz

• Previous message (by thread): Scaled Back Cybersecuruty
• Next message (by thread): Scaled Back Cybersecuruty
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]