Daniel Carosone <[EMAIL PROTECTED]> writes:
> On Tue, May 31, 2005 at 06:43:56PM -0400, Perry E. Metzger wrote:
>> > So we need to see a "Choicepoint" for listening and sniffing and so
>> > forth.
>> No, we really don't.
> Perhaps we do - not so much as a source of hard statistical data, but
> as a source of hard pain.

That might not be such a bad thing. Object lessons have a way of
whipping people in to shape. A few more heads rolling might convince
others that security isn't optional.

In the late 1960s, several major brokerage firms went under because
they didn't have their accounting systems sufficiently automated. The
people on the business people thought of I.T. as a necessary evil
rather than as the backbone of their business, and they paid the

At intervals, business gets major accounting scandals, about every 20
to 40 years when people forget about the last set. I suspect
I.T. crises are similar. It has been so long since the last one
happened in the financial industry that the institutional memory of it
is now gone, so we're ripe for another.

It is my prediction that we will, in the next five years, get the
failure of a couple of international financial institutions because of
insufficient attention to systems security, again because there are a
few executives in the business who do not understand that I.T. is not
an expense that needs managing but rather the nervous system of the

> People making (uninformed or ill-considered, despite our best efforts
> to inform) business and risk decisions seemingly need concrete
> examples to avoid.



The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to