December 2001

WE'RE INTERESTED IN YOUR POINT OF VIEW!

Letters should be e-mailed to Andy Briney. Please include your name, title, organization and location. Letters may be edited for space and clarity.

URL references to Information Security articles in the following letters assume the www.infosecuritymag.com/articles prefix.

Hire Security

It was nice to hear Jay Heiser echo the same frustrations and concerns I've had over the last couple of years ("Pay Your Dues," /october01/columns_curmudgeon.shtml). The boom economy made it possible for people to get jobs they had no right to even attempt due to lack of skills or experience. But while an NT administrator could get away with this, it doesn't work with infosec.

Unfortunately, that doesn't seem to be what people hear when they look at working in security. I've had the misfortune of having to interview people who responded "PGP" when I asked what encryption algorithms they'd worked with. Now, with the economy in the toilet and everyone talking about security, I'm terrified of who HR or my management is going to send me next to interview.

TOBY KOHLENBERG, CISSP, GCIA


Kudos

I just wanted to say that your magazine is really great stuff, and your online material is excellent. Keep it up.

ZAC PEAKE
Zeus Technology Ltd.


PKI Integration

Regarding Ben Rothke's "PKI: An Insider's View" (/october01/columns_logoff.shtml): Well said! I'm a sales engineer who works on many PKI projects and have watched with great frustration while customers pick apart the details of the technology with absolutely no plan on how to deal with functional/business processes that should be driving the project. My experience shows customers often try the blanket approach of using PKI as a total security solution without realizing the enormous complexity of PKI enabling numerous backend applications and services. I like PKI in pieces for specific services, and push my customers (and potential customers) in that direction when I can.

BRIAN A. FRAIZE
V-ONE Corp.


I'm often asked to provide "a sure-fire PKI solution" to a client's infrastructure woes. These clients often don't really know what their security issues are. Most assume they know what they need, and that's PKI. Rothke made some direct hits on the subject, and I'll be sure to reference his article the next time I get pinged to provide the infamous PKI solution.

JERRY L. DAVIS, CISSP, GSEC


I read this article with great interest and agree 100 percent. I've attended the past three RSA conventions, and every year it "felt like" PKI was on the verge of making it big. I guess the RSA setting and PKI fervor made me forget just how difficult it was to explain (much less sell) the idea of PKI to management.

ROMEL RAUSA LLARENA


Surveying Awareness

I wasn't surprised to see that lack of end-user awareness was the top obstacle identified by the respondents to the 2001 Industry Survey (/october01/images/survey.pdf). Even the selected comments indicated that security personnel are frustrated with the lack of commitment management shows toward awareness and security as a whole. Since Sept. 11, we've seen a scramble from companies whose management had enabled or allowed them to implement an awareness program. However, the question arises: What will it take to get managers elsewhere to realize the importance of this issue?

CHRIS COOK
Security Awareness Inc.


EDITOR'S NOTE:

All article titles and decks (subheads) are written by the magazine's editorial staff, not the articles' authors. Just as you wouldn't judge a book by its cover, these titles and decks aren't meant to tell the whole story of the article. Rather, they're meant to encapsulate the article's core message, capture the reader's attention and encourage him or her to read on. The published title and deck of Tippett's column fulfill these criteria.