Skip to content

My GWU Discussion – Part 3 – What to do About Cybersecurity

This is my third (and thankfully to most readers, last) post about a class at I gave at George Washington University earlier this year. The professor, Dr. Robert McCreight, invites me to be a guest lecturer on cyber-security from time to time. I posted a copy of my slides in the previous two posts and do so again here:

George Washington University Slides on Cyber-Security

In the last post I returned as I often do to the question “How to be secure when each component of your solution is itself insecure?”. I find that most practitioners, and in particular their management, are in denial on this issue. While my first suggested step which is to practice security hygiene is useful it does not help against a determined attacker.

While I am not sure if anything short of not connecting to anyone will work all the time, two possible approaches seem promising.

My GWU Discussion – Part 3 – What to do About Cybersecurity

WikiLeaks

Since the latest set of releases associated with US diplomacy through WikiLeaks there has been endless commentary on all aspects of the leaks. I have read through many of the comments and columns and been… WikiLeaks

The Problem With Government Security

During the time I served as the CIO at the US Department of Transportation when I wanted to annoy my Chief Information Security Officer (CISO) of the CISO staff, I would point out that in my opinion there were two things wrong with computer security within the Federal Government.

First, we put security in charge.

Second, we kept secrets.

If we solved for those two issues, we would not have a security problem.

Of course, I was joking. Well sort of.The Problem With Government Security