RE: Network-Security Expert Says Colleges Should Do More to Prote ct Their Computers

[Paul Killey]

I don't disagree w. Paul H's examples, but there are other dimensions to
this as well.

For example, a lot of corporate security (in terms of monitoring, etc.) is
probably a side-effect of defending against harrassment and civil-rights
based complaints and law suits.  You do have a different set of issues when
your main population is employees as opposed to members, constituents, or
other types of associations.  Physical security is still a problem for some,
given the success of Oracle's dumpster diving against the Microsoft flacks.

I confess I have a hard time distinguishing between sales and "info" when
the traditional accounting firms who have branched into consulting (KPMG,
PriceWaterhouse, Andersen, whomever) talk about security.  They are the ones
doing the audit, they would have an insight into business opportunities for
other parts of their organizations for their different clients.  I think the
SEC is still having hearings on what business interests the accounting
companies will be allowed to have.

I personally think that firewalls' utility may limited as time goes by,
given the # of problems people can exploit w/ web and browser related s/w.

I believe there is something to the idea of standard practices and
reasonable procedures.  If that bar is raised too high, it becomes an issue
of getting the rules set for trial lawyers and insurance companies as much
as security practices.

Many software vendors are having a hard time w/ security, and in some cases
it reminds me of Ford Pintos' gas tanks (as opposed to keeping the ice off
your sidewalk) when you are talking about liability.

- --paul