Sam Dekay

An Open Letter to Warren Axelrod: Yes, InfoSec, You’re a Heck of a Job

First, is it true that InfoSec is “in the worst state that it has ever been”? Judging from the reportage emanating from Siobhan Gorman and others, there seems to be evidence for such a claim. But I wonder whether the publicizing of high-profile incidents is itself the major reason we think that information security is becoming more ineffective. In the 1980s, for example, there were virtually no discussions of “computer security” in the popular press. But then, in the 1980s, there was also no widespread use of untrusted networks (such as the Internet) and no statutes and regulations concerning the control of identity theft or computer-borne invasions of privacy. Instead, as you undoubtedly remember all too well, we had the problem of controlling access to MVS and other mainframe systems. This was pretty dull business for mainstream journalists. (Although, of course, we didn’t call them “mainstream” then.)

Oddly, even though the scope of their responsibilities in the 1980s was rather narrow, information security practitioners did not have a sense of being effective and proactive agents, dutifully protecting critical information assets. Instead, there seemed to be merely ceaseless complaints. Internal auditors inevitably identified problems with access control, systems programmers and application developers maintained that InfoSec was needlessly “handicapping the hired” with overly rigorous controls, and senior managers often had problems justifying the very existence of security staffs. (After all, most of the real fraud was being committed by insiders who manipulated manual procedures for nefarious purposes; real computer fraud in the private sector seemed to be a rarity.) Practitioners were frequently reactive, rushing from fire to fire, and hoping that new crises would not emerge before the embers of the old had at least become nonthreatening.
