Dr. Stephenson responds
Thank you, Bill, for both your kind words and your history lesson ["Letters," April]. Like most of the world, I fear that I am unsure from time to time as to what is politically correct beyond those obvious things of race, religion and gender. I was completely unaware of the etymology of the phrase "young Turks" and, while I meant it to be complimentary to the upcoming young breed of security professionals, I certainly don't wish to offend anyone.
So, if I offended any Armenians (or anyone else, for that matter) you have my sincere apologies. I feel a bit like the guy in the Geico commercial who, after saying that signing up for their insurance is "so simple a caveman could do it," finds that there still are cavemen around (and, please, if there are any, I don't mean to offend you either).
Again, thanks for your comments and keep writing!
Peter Stephenson, Norwich University
IT experts to House
Interesting article (online, March 15, scmagazine.com). I wish I actually believed that this hearing was going to be something more than another round of lip service to the information security community. With this hearing, we will most likely see the standard scene. Howard Schmidt and deputy assistant director Steven M. Martinez among others will sit before a committee and tell it the way it is. There will be much lamenting and wringing of hands by the committee.
Sort of reminds me of Reverend Lovejoy's wife in The Simpsons: "Won't someone please think of the children?" Then there will be a call by someone somewhere to do something. The trade journals and some broadsheets with run with it for a couple of days. Then sated from publicity the information security genie will retire from public view until it is politically expedient to feed it again.
The net result will be the same as the DHS announcement that the cyber security position would be raised to assistant secretary level, zero. Did DHS honestly think no one would notice they announced the elevation of the cybersecurity post to assistant secretary in July 2005 and eight months later it is still not been filled?
Richard Starnes, president, Information Systems Security Association (ISSA), U.K.
The leaked emails from the [U.K.] National Health Service (NHS) to the Department of Health revealing sensitive details of the imminent "derailing" of a £20 million [USD $34.7 million] IT project should serve as a wake-up call to every organization.
Granted, email is the most cost-effective and efficient means for communicating with colleagues. But if anyone should know the risks involved, it is government departments.
Businesses large and small should learn from the experience. Without a watertight email policy, firms are effectively doing business on the back of a postcard.
Company-wide guidelines need to be introduced on email use, especially when communicating sensitive information. There is little use in just one department following a separate policy to another.
While email users may object to another set of rules to follow, it's better to mitigate the risk at the outset rather than face the embarrassing consequences of confidential information reaching the masses. This kind of exposure is often very difficult to recover from.
Thorgeir Einarsson, vice president of international sales, Sendmail