Security Basics mailing list archives
Re: A reminder that security is not inherently solvable with technology
From: "Steve" <securityfocus () delahunty com>
Date: Mon, 27 Oct 2003 12:21:53 -0500
Building off Jeremiah's email about a Hippocratic oath for IT, this is where our profession is vastly different than many others, we lack a formal standard code of ethics. We do have formal education, we have continuing education, and so forth. But while doctors are governed by regulatory bodies and lawyers and so forth, we in IT are not. I do believe we are true professionals though. There are some associations for IT that offer their own code of ethics. The Network Professional Association (NPA) has one. http://www.npanet.org/public/about_codeofethics.cfm There are other IT related associations that have them as well. The NPA has looked at having a real registry of the members where background checks validate education and experience for anyone to see or upon request, would something like a real registry of IT professionals benefit our industry? ----- Original Message ----- From: "Jeremiah Powell" <jdpowell () compgeo com> To: <security-basics () securityfocus com> Sent: Friday, October 24, 2003 6:33 PM Subject: RE: A reminder that security is not inherently solvable with technology
-----Original Message----- From: Mike Peppard [mailto:mpeppard () impole com] Sent: Friday, October 24, 2003 12:02 PM To: security-basics () securityfocus com Subject: RE: A reminder that security is not inherently solvable
withtechnology
Offshore business-process-outsourcing sales will leap 38% this year to $1.8 billion
http://www.informationweek.com/story/showArticle.jhtml?articleID=15306236
With this type of money riding on outsourcing there are substantial incentives to
<SNIP>
"put" the controls in, who puts the controls on us? Hippocratic oaths?
As an interesting note, part of my time with the University of Oklahoma's Student support team involved crafting my own, personal 'IT Hippocratic oath.' While some may find it cheesy (along the lines of 'vision statements' and 'executive team-building retreats') I belive that the values the IT team were trying to instill have an effect. If only to get you to think about this stuff (security, rights and responsibility, policy) in between configuring your dual-firewall frontier system with DMZ. Things like having people craft an oath are cheap and may have use. If they can only give the correct bias to thinking about users and coping with their problems, then these 'social solutions' (like the Medical Hippocratic Oath) can be very effective. I cann't overestimate the value of oaths and statements in security policies. When done to reflect the real world, they convey the critical missing element in so many security systems, namely 'why.' My oath is attached to this message. It has been years since I first wrote it, but it (only verion 1.1) still expresses my ideas about what IT should be. Hopefully it will continue to serve me, as should yours serve your if you write one. Now if I could only find that url about 'how to manage your manager' again, I could get some financial support behind this... Sincerely, Jeremiah D. Powell Systems Admin, Computational Geosciences Voice (405) 360-0472 / Fax (405) 307-0866 330 W Gray Suite 500; Norman, Ok 73069 ---------------------------------------------------------------------------- ---- --------------------------------------------------------------------------- Visual & Easy-to-use are not words that you think of when talking about network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that makes the complex - easy http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- hunt tool Jorge Garcia (Oct 21)
- Re: hunt tool Toyama no Benbei (Oct 22)
- A reminder that security is not inherently solvable with technology JGrimshaw (Oct 23)
- Re: A reminder that security is not inherently solvable with technology Kamal Habayeb (Oct 23)
- Re: A reminder that security is not inherently solvable with technology Paul O'Malley (Oct 24)
- RE: A reminder that security is not inherently solvable withtechnology Mike Peppard (Oct 24)
- RE: A reminder that security is not inherently solvable with technology Jeremiah Powell (Oct 27)
- Re: A reminder that security is not inherently solvable with technology Steve (Oct 27)
- Re: A reminder that security is not inherently solvable with technology John T. Hoffoss (Oct 28)
- A reminder that security is not inherently solvable with technology JGrimshaw (Oct 23)
- Re: hunt tool Toyama no Benbei (Oct 22)
- RE: A reminder that security is not inherently solvable with technology jm (Oct 23)
- RE: A reminder that security is not inherently solvable with technology Tsai Li Ming (Oct 24)
- <Possible follow-ups>
- RE: hunt tool Jorge Garcia (Oct 22)
- Re: hunt tool Eric Hagen (Oct 22)
- Re: hunt tool Jorge Garcia (Oct 24)