Hey Al,

ISC2 might make your document into its 11th discipline of the CBK (Common
Body of Knowledge) for the CISSP exam!!!

We could only hope!!!

Seriously, perhaps a chapter on educating (or how to educate!) the upper
echelons (upper management) of organizations to treat security as a core
business function, rather than a burden, would be helpful.

BTW, I'd love a copy of it..   rjs@team400.net


Richard Serrano
Team400
www.team400.net



----- Original Message -----
From: <MacWheel99@aol.com>
To: <midrange-l@midrange.com>
Sent: Wednesday, November 28, 2001 6:43 AM
Subject: Re: Just a comment


> The articles recently about Internet security are interesting and eye
> opening

I have been rather frustrated & annoyed with the whole panorama of

a) Vast numbers of users who seem rather ignorant of the risks.
b) Market demand for cheapest purchase price regardless of other
considerations.
c) People who discover flaws with Microsoft & other vendor products who seem
to think that the correct way to get the flaws fixed is to trumpet them to
criminals who will write viruses & other malware that exploits those flaws.
d) Microsoft writes security fixes that are seriously flawed & treats the
whole thing as a PR exercise, much in the same way that the Ford Bridgestone
fatal roll-over scandal was treated as an Accounting Liability entry & not a
quality redesign priority.
e) Journalists and Computer "experts" who should know better, talking as if
this is some horrible problem that has no solution or alternative.

I have tried to do my two cents against this situation a number of ways.
Most recent public effort was

http://groups.yahoo.com/group/TYR
message #s 3258 3261 3293 3314 3341

An earlier effort was via
http://www.TechRepublic.com/forumdiscuss/thread_detail.jhtml?thread_id=20600

Thanks to some discussion on one of the other midrange.com lists that led to
some off-line talk about this, I am now headed for a web site that will be a
FAQ on Computer Security Myths & Common Sense primarily aimed at
journalists.

If you are interested, I could send you by e-mail attachment (privately, not
via the list), a copy of my working Word document MAC MYTHS . DOC ... it is
about 20 pages long ... here is the table of contents so you can see the
flavor of what I have been trying to do so far.

Abstract Goals  1
Illuminating Misconceptions 2
Quiz Understanding  2
Who can we trust?   2
How do we know we got it right? 2
Multiple Virus Choice   3
What's wrong with this Virus Viewpoint? 3
General Computer Security Myths 5
Do Passwords protect PCs?   5
Is it Heroic to reveal a Hole in Security?  5
Is Computer Security an Oxymoron?   7
Is your PC safe?    8
Do we just buy good security products & install properly?   9
Don't Physical Door Locks Protect Us?   10
Some Wild Ideas to Improve State of Art 11
Airline Passenger Bar Coding Aids   11
Legislate not against tools but how they are used   12
Responsible Security Bug Notification   13
Computer Security Education 14
Key Resource Sites  14
Monthly Info Sec newsletter 14
The SANS Institute  14
e-com-sec moderated discussion  14
CERT    17
Firewalls   17
Return on Data  18
Hacker News Network 19
More References 19
The bigger picture  20
Understanding Computer Protective Legislation   20
URL References  20
URLs for Anti-Virus Software Vendors    21

MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac)



_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.






This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].