RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From:
"David T. Macknet" <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Mon, 18 Nov 2013 08:53:35 -0800

It's a hard sell, to convince people that applications and systems need
to be built with security in mind. Too often I've found that it's
regarded as something to be added when the application is up and running
- sort of a luxury, almost, similar to adequate comments in the code,
and training materials. I've found this across many industries
(financial, maritime, biotech, manufacturing). The resistance comes from
management, who seem to believe that it's someone else's responsibility;
from developers, who don't think about security in their day-to-day work
(nor about how things could be misused); from project managers, who cue
off of the developers in believing that it's a difficult /
time-consuming effort - and the list could go on. 

Bruce Schneier tells a great story about the mindset needed: he received
an ant-farm, as a young child. This ant-farm did not contain any ants,
but contained a business-reply postcard upon which he was to provide his
name and address, to have the ants sent to him in the mail. He realized
that there was nothing preventing him from putting someone else's
address on that card. That mindset - the mindset which asks how
something could be purposefully misused - is what is required. That
mindset is unfortunately rare. 

Cheers, 

-David 

-------------------------

DR. DAVID T. MACKNET
 MCP, MCSD, BA, MSc, MLitt, PhD

 email: [log in to unmask]
 Flickr: http://www.flickr.com/photos/wishiwerebaking/
 Blog: http://davimack.members.sonic.net/blog/
 LinkedIn: http://www.linkedin.com/in/davidmacknet
 Stack Overflow: http://stackoverflow.com/users/6850/david-t-macknet

List archives at http://lists.ufl.edu/archives/recmgmt-l.html