
Yoran and Spaf's Law
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 02 Nov 2004 09:33:37 -0500
**************************************************************
-- Educational CyberPlayGround Community
http://www.edu-cyberpg.com/
-- Network Newsletters Mailing List ©1994
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
-- Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/index.html
-- Advertise on Network Newsletters Mailing List
http://www.edu-cyberpg.com/Community/Subguidelines.html
**************************************************************
>
>http://www.eweek.com/article2/0,1759,1679514,00.asp
>
>By Ben Rothke
>October 25, 2004
>
>In his book "Practical Unix and Internet Security," Professor Gene
>Spafford of Purdue University spells out Spaf's first principle of
>security administration: "If you have responsibility for security but
>have no authority to set rules or punish violators, your own role in
>the organization is to take the blame when something big goes wrong."
>
>Spaf's principle is a cruel reality faced by many of those responsible
>for information security. They often are treated like a cross between
>Charlie Brown, who is constantly picked on, and the late Rodney
>Dangerfield, who got no respect.
>
>Amit Yoran is a prime example of Spaf's principle in action. On Oct.
>1, Yoran resigned in frustration after one year as director of the
>National Cyber Security Division of the Department of Homeland
>Security. Yoran lacked both an important title and appropriate
>authority - which are everything in government.
>
>Yoran said he resigned because he had done all he could with limited
>resources. That much is true. In principle, he had done all he could.
>But, in fact, he was severely limited. His hands were tied.
>
>Yoran's very visible resignation motivated the House of
>Representatives to change the language in the intelligence reform bill
>that would have moved responsibility for cyber-security from DHS to
>the Office of Management and Budget. Such a boost would give the
>director the necessary power to bring about change in the government.
>
>Further, DHS Secretary Tom Ridge, spurred by Yoran's departure, said
>the cyber-security position would be upgraded to assistant secretary.
>
>I, for one, sincerely hope that the cyber-security position will be
>upgraded to assistant secretary. But the reality of Washington
>politics is likely to preclude that.
>
>The Yoran incident isn't unique. Many organizations like to state
>publicly that information security is priority No. 1, but, privately,
>they will not put their money where their mouths are.
>
>Upper management often issues orders such as "Clean up the system at
>any cost!" Yet when these same managers get recommendations for
>pre-emptive security implementation, too often chief information
>security officers are told, "The budget for this quarter has been
>exceeded. Ask me again later in the year."
>
>Information security is a challenging and technologically rewarding
>profession. Unfortunately, those responsible for carrying out
>information security often are not given the authority and budget to
>get the work done.
>
>Yoran knows what this is like. Without the means to do the job,
>winning the security war is a nearly impossible fight.
>
>
>-=-
>
>Ben Rothke, CISSP, is a New York-based security consultant with
>ThruPoint Inc. McGraw-Hill has just published his book: "Computer
>Security: 20 Things Every Employee Should Know." He can be reached at
>brothke@xxxxxxxxxxxxxx. Free Spectrum is a forum for the IT community
>and welcomes contributions. Send submissions to
>free_spectrum@xxxxxxxxxxxxxx
>