Challenges in managing critical resources
In which the management of uncertainty of impacts includes the design and implementation of:
Administrative challenge of controlling and safeguarding access to and usage of proprietary information
In which an independent verification and validation process is institutionalized that attests to an acceptable status of trust in the integrity of information resources, systems, and agents.

Challenge of technology infusion
In which the management of enhancements to technology is addressed. Currently, the technological enhancement of products and services is expanding at a phenomenal rate, while management methodologies, prototyping strategies, and tactical planning for their incorporation into enterprise domains are expanding at a much slower rate. Due to the dynamics and the proliferation of products and services, management is faced with a significant degree of uncertainty in deciding whether or not to use freeware, shareware, COTS products, or end-user-developed systems. Furthermore, if these are used, how will management control proprietary and/or critical information, when should they be used, and what will be the associated long-range sustaining costs?

EYE OF NEWT, HAIR OF DOG, BLOOD OF BAT,

In conclusion, information security is bounded only by our own prejudices and shortsightedness. In the last five years, security has changed from a discipline that was fairly isolated and unique, and easily controlled and administered, into a management dream turned nightmare. The security druids of the 1980s, crouched over boiling cauldrons muttering strange incantations and peering into the future, have been replaced with the 1990s techno-weenies and security geeks who were let out of their closets gloomily forecasting that:
We have looked SATAN in the eye (1994) and danced with the devil in the pale moonlight (1995, 1996). We are still here; the values, issues, and concerns are still here. Although we have made progress in determining what is needed, we are still ignoring the simple fact that adequate security safeguards and protection mechanisms have to be designed for, and built into, our systems. We must take the initiative by accepting a synergistic approach that combines the current development and maintenance disciplines into a single Integrity Engineering discipline as the future answer to our concerns.