Security Executive Council’s New Approach

The Security Executive Council has pioneered a new approach for the security executive called the Next Generation Security Leader. There are some problems with this focus. The Security Executive Council should consider the following.

The current approach to Cyber Security is based on the pretense that there is a technological solution to Cyber Security. Cyber offense is outstripping Cyber defense, and academia cannot even offer proof that a software system is trustworthy. In addition, vendors are on the verge of destroying the category by overpromising and underdelivering.

While Cyber Security threatens every aspect of Internet use, its users have not demonstrated the will to protect themselves and those they leave exposed. Their neglect and failure to act impact the public as well as the critical infrastructure with its defense industrial base.

The practical technologies to protect against insider threats, ensure against unauthorized access, and protect against unauthorized file access are often ignored by organizations. These include passive forensics, three-factor authorization, and encryption. However, using them requires a commitment to some level of effort; organization executives lack the will to act, and vendors benefiting from the chaos lack the motivation to press the issue.

Recapping the situation:

  1. Nondeterministic software systems cannot be proved trustworthy (Rice’s Theorem).
  2. Innovation in Cyber offense is outstripping innovation in Cyber defense.
  3. Cyber vendors and Cyber researchers in academia benefit from the chaos that has descended on Cyber Space and lack the motivation to impact the current state.
  4. In particular, Cyber vendors are on the verge of destroying the category by overpromising and underdelivering… and withholding common sense and straightforward advice.
  5. Organization executives have yet to demonstrate the will to exercise due diligence and to take the steps necessary to use the Internet in a prudent fashion.
  6. Government needs to take the steps to eliminate the moral hazard factor, since the impact of Cyber Security disruptions is not restricted to the Internet-using organizations but extends to the public, the critical infrastructure, and the defense industrial base.

About SCB Enterprises
System Solutions and Integration
