Government computer security


"Centralizing" security hasn't worked so far, why should it work now?

I don't agree with Doug Howard's conclusions, but he does make some good points.

The flaws with the new White House information security mandates come from assuming that centralized authority exists. In reality, this is as fictional as many of Hollywood's themes.

Simply put, the attempts to create any centralized controls or escalation points have failed. While federal authorities have attempted in good faith efforts to create security czars or centralized security groups such as the United States Computer Emergency Readiness Team (US-CERT), they have failed each time.

I don't agree with the "need" for a centralized security structure. Just as one example, cracking CitiCorp's computers won't give you access to American Express. A centralized structure would make it possible to hack into the FBI from the Department of Agriculture. Decentralization can be one of the best security measures out there. Keys from Ford don't start cars from Chevrolet. Competition and different standards makes for better security.

— NeoWayland

Posted: Mon - September 4, 2006 at 06:08 AM  Tag


 ◊  ◊   ◊  ◊ 

Random selections from NeoWayland's library



Pagan Vigil "Because LIBERTY demands more than just black or white"
© 2005 - 2009 All Rights Reserved