“Infosec, You’re Doing a Heck of a Job!”

… to paraphrase President George W. Bush’s praise of “Brownie,” a.k.a. FEMA director Michael D. Brown, just before the flooding of New Orleans and one of the most damaging and least well-handled catastrophes in US history – see my chapter on “Responsibilities and Liabilities with Respect to Catastrophes” in the Handbook of Research on Social and Organizational Liabilities in Information Security at www.igi-global.com/downloads/excerpts/8415.pdf

I’m writing this column during RSA Conference week. No, I’m not at the conference. Nor have I ever been to an RSA Conference. I may well have been the only senior infosec executive who has never attended this conference. I just could never justify, in my own mind, the week or more that needs to be invested. In any event, my brain tends to saturate going into the second day of most conferences.

  James Anderson Apr 27, 2009 at 5:26 pm

    Hmmm. Axelrod — who I think was a recent winner of the Infosec Executive of the Year Award — believes that the RSA Conference was an example of “…ostentatious celebrations of infosec grandeur that is both pretentious and sad at the same time. Here are the leaders of our field pontificating about the great things of which our profession is capable, while, at the same time, information security is in the worst state that it has ever been.” Well, at least he’s got pretentious down to a science: blogging about RSA when he didn’t attend — in fact says he has never attended and could not justify a week-long conference… As for pontificating, he takes a great run at that one also: stating that industry better “step up to its responsibilities or else the government will have to step in and take control.” Oh, yeah, that’s the ticket. A little bit more of “C2 by 92” and we’ll all be buttoned up. Shoot, as long as we can nationalize all the big banks, nationalize the automakers, and borrow unlimited funds to do it from the taxpayers, almost anything is possible. So you RSA attendees better suck it up and get things fixed pronto. Or uncle Hugo Chavez will step in and take care of things and it won’t be funny… I for one think we need a little less pontification from all sides and recognize one essential truth about information security: INFOSEC IS GETTING ALL THE EMPHASIS THAT CAN BE EXPECTED GIVEN THE LEVEL OF PRIORITY AND SUPPORT IT HAS RECEIVED FROM GOVERNMENT AND ENTERPRISE. The notion that we can fix infosec while at the same time we fix the economy, health care, energy, global warming, Afghanistan and Iraq is just absurd. While we have bigger fish to fry right now, infosec professionals will continue to guard the ramparts — we should not, however, expect to win the war tomorrow.

