Daniel Carosone <[EMAIL PROTECTED]> writes: > On Tue, May 31, 2005 at 06:43:56PM -0400, Perry E. Metzger wrote: >> > So we need to see a "Choicepoint" for listening and sniffing and so >> > forth. >> >> No, we really don't. > > Perhaps we do - not so much as a source of hard statistical data, but > as a source of hard pain.
That might not be such a bad thing. Object lessons have a way of whipping people in to shape. A few more heads rolling might convince others that security isn't optional. In the late 1960s, several major brokerage firms went under because they didn't have their accounting systems sufficiently automated. The people on the business people thought of I.T. as a necessary evil rather than as the backbone of their business, and they paid the price. At intervals, business gets major accounting scandals, about every 20 to 40 years when people forget about the last set. I suspect I.T. crises are similar. It has been so long since the last one happened in the financial industry that the institutional memory of it is now gone, so we're ripe for another. It is my prediction that we will, in the next five years, get the failure of a couple of international financial institutions because of insufficient attention to systems security, again because there are a few executives in the business who do not understand that I.T. is not an expense that needs managing but rather the nervous system of the company. > People making (uninformed or ill-considered, despite our best efforts > to inform) business and risk decisions seemingly need concrete > examples to avoid. Indeed. Perry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]