Having just written a piece about CERT and ego trips I feel obliged to counter-balance it with a pointer to an interview worthy of applause.
The humble and intelligent interviewee is Daniel Mehan, CIO of the FAA whom I will describe with two quotes regarding security.
The first describes how to improve "cyber security": To improve cybersecurity, Mehan said the FAA and all business must harden individual network and system elements, isolate elements to avoid viral attacks, and backup elements to support event recovery. "You're going to catch a cold," Mehan said. "The trick is containing the cold.".
The second shows that a good security practitioner doesn't necessarily come with an ego the size of the planet: Even so, Mehan said he couldn't guarantee that FAA systems will counter all unseen attacks. Hackers are continually arming themselves for new attacks, he said. Thus, the FAA and other organizations must remain on their toes and continue to improve their cybersecurity efforts. "This is an area where you always have to be prepared," he said.
As I said: intelligence and humility.
Posted by arrigo at January 29, 2003 04:47 PM