November 2002

WE'RE INTERESTED IN YOUR POINT OF VIEW!
Letters should be e-mailed to Andy Briney. Please include your name, title, organization and location. Letters may be edited for space and clarity.

Super Survey

I liked the Information Security annual survey. One does not normally see
material of this quality and rigor in the commercial press. One question. Do the
budget figures in the survey (e.g., $1.454 million for small organizations)
include staff costs, or just purchased products and services? If staffing is
included, I'd be curious about the budget ratios of staff to products and
services.

BRINEY & PRINCE RESPOND:

Zipped Encryption

The problem actually lies in the encryption technology on which the article was centered. Vendors of AV gateway products usually give their customers the option of deleting encrypted attachments or passing them through unscanned. Most elect to pass encrypted attachments through unscanned.

While I see the new encryption technology in PKZip as a useful feature for
knowledgeable users who are already encrypting their e-mails, I'm concerned
about the possibility of this technology being propagated to the uneducated
masses. The end result could be less secure enterprise environments or the
abandonment of encryption as an option to mail confidential information, as
administrators are forced to strip all encrypted attachments.

Contrasting Columns

Given all of that, I found it to be wonderfully ironic that, on the next
page, you introduce Marcus Ranum's new column "Cool Tools." I wonder what Mr. Heiser would make of that.

Kudos

I just wanted to thank you for the great content of your newsletter, Security
Wire Digest. I have been writing an e-newsletter about security issues in
general, and the articles I've read in your newsletter have given me a better
understanding of IT issues. I especially wanted to commend Michael Fitzgerald on
his excellent article on the government's cybersecurity plan. It's really one of
the best articles I've seen in an e-newsletter. The information, quotations and
analysis are great. Nice job!

Sensational CISO Supplement

EDITOR'S NOTE:

I recently received a copy of your CISO Magazine with my last issue of
Information Security, and wanted to let you know it is the best magazine I have
ever read. The magazine kept my full attention from cover to cover, unlike other
magazines, which tend to lean more towards product pitches. I look forward to
reading future issues and will definitely recommend it to friends and
colleagues.

I just started subscribing to your magazine, and I find it an interesting and
helpful resource. I particularly enjoy the balance of perspectives, and its
useful focus on topics of interest to the CISO community. Keep up the good
work.

I'm the CIO of a "security-aware" company. I read CISO magazine and found it helpful and interesting, but I have one criticism. Why did you place the CISO in an underling position? As the CIO (VP of information security) I would not be able to implement the necessary security policies if I did not have a senior position in corporate management. As you know, security is that great unknown. It costs a lot and you see nothing until you don't have it and get caught, and then there's no expense that's too great.

I personally believe that if the CISO is not "functionally" in a position on the management level, then he/she is relegated to a "techie" position of managing firewalls and routers and being the antivirus/content "watchdog."

As far as I am concerned, I don't need a CISO for these purposes. A CISO must
deal with budget, strategy, policy and, perhaps, personnel. Corporations that do
not understand the importance of how vulnerable they are will one day find out
and then wonder why their CIO isn't also a security expert.

Correction

Copyright 2002 TechTarget