Hey Al, isc2 might make your document into its 11th discipline of the CBK (Common Body of Knowledge) for the CISSP exam!!! We could only hope!!!

Seriously, perhaps a chapter on educating (or how to educate!) the upper echelons (upper management) of organizations to treat security as a core business function, rather than a burden would be helpful.

BTW, I'd love a copy of it.. rjs@team400.net

Richard Serrano
Team400
www.team400.net

----- Original Message -----
From: <MacWheel99@aol.com>
To: <midrange-l@midrange.com>
Sent: Wednesday, November 28, 2001 6:43 AM
Subject: Re: Just a comment

> The articles recently about Internet security are interesting and eye
> opening

I have been rather frustrated & annoyed with the whole panorama of

a) Vast numbers of users who seem rather ignorant of the risks.
b) Market demand for cheapest purchase price regardless of other considerations.
c) People who discover flaws with Microsoft & other vendor products who seem to think that the correct way to get the flaws fixed is to trumpet them to criminals who will write viruses & other malware that exploits those flaws.
d) Microsoft writes security fixes that are seriously flawed & treats the whole thing as a PR exercise, much in the same way that the Ford Bridgestone fatal roll-over scandal was treated as an Accounting Liability entry & not a quality redesign priority.
e) Journalists and Computer "experts" who should know better, talking as if this is some horrible problem that has no solution or alternative.

I have tried to do my two cents against this situation a number of ways.

Most recent public effort was http://groups.yahoo.com/group/TYR message #s 3258 3261 3293 3314 3341

An earlier effort was via http://www.TechRepublic.com/forumdiscuss/thread_detail.jhtml?thread_id=20600

Thanks to some discussion on one of the other midrange.com lists that led to some off-line talk about this, I am now headed for a web site that will be a FAQ on Computer Security Myths & Common Sense primarily aimed at journalists.

If you are interested, I could send you by e-mail attachment (privately, not via the list), a copy of my working Word document MAC MYTHS . DOC ... it is about 20 pages long ... here is the table of contents so you can see the flavor of what I have been trying to do so far.

Abstract Goals
Illuminating Misconceptions
Quiz Understanding
Who can we trust?
How do we know we got it right?
Multiple Virus Choice
What's wrong with this Virus Viewpoint?
General Computer Security Myths
Do Passwords protect PCs?
Is it Heroic to reveal a Hole in Security?
Is Computer Security an Oxymoron?
Is your PC safe?
Do we just buy good security products & install properly?
Don't Physical Door Locks Protect Us?
Some Wild Ideas to Improve State of Art
Airline Passenger Bar Coding Aids
Legislate not against tools but how they are used
Responsible Security Bug Notification
Computer Security Education
Key Resource Sites
Monthly Info Sec newsletter
The SANS Institute
e-com-sec moderated discussion
CERT
Firewalls
Return on Data
Hacker News Network
More References
The bigger picture
Understanding Computer Protective Legislation
URL References
URLs for Anti-Virus Software Vendors

MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac)

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.