compromising OS/2 or Multix? So the primary remote access to our file server is TFTP; our spin is that any protocol that old is “time-tested.” So our password security policy requires LAST-NAME followed by YEAR; we emphasize that we have a rule for password expiration built right into our password security policy. No baselines to measure, no checklists to distract us, no concern over best practices, no specific objectives to define. COBIT? Out the window. FISCAM? Who needs it? SOX, HIPAA, GLB? No thank you.
So the next time someone challenges your organization’s security model, rather than beating around the bush, making excuses, blaming budgetary woes, faulting management’s lack of vision, or chastising vendors, think outside the box. State up front that your security model is faith-based and take a swerve around all the minutiae. Treat these details like all of those log files you haven’t reviewed since you upgraded to NT Service Pack 2. Build in backward “time basing” to the ultimate IT apocalypse—the implosion of the commercial Internet. After that, who will care about digital security anyway?
HAL BERGHEL is associate dean of the Howard R. Hughes College of Engineering at the University of Nevada-Las Vegas, the director of the Center for Cybersecurity Research (ccr.i2.nscee.edu), and co-director of the Identity Theft and Financial Fraud Research and Operations Center (www.itffroc.org).
© 2008 ACM 0001-0782/08/0400 $5.00
DOI: 10.1145/1330311.1330315