UK.gov's flagship infosec program ISN'T DELIVERING - but all's still well, say auditors • The Register Forums

Friday 12th September 2014 11:43 GMT IT Hack

Those who can't teach

"The programme’s objectives include tackling cyber crime and making the United Kingdom among the best places in the world to run secure e-commerce operations."

I laughed. Simple fact...unless there is a financial return or there is a regulatory requirement a lot of companies don't get give a rats arse if they need to spend £££.

I will say that my comment comes off the back of a meeting with the CFO to invest in some basic security measures that we are currently lacking.

Thank fek its bloody Friday.

/hrmph

2 0 Reply
Friday 12th September 2014 13:25 GMT phil dude

best practices...

The point is , no matter what your OS, there should be a "Best practices" document/website/agency to make it better for everyone?

I would be interested, in the aim of fair competition for M$ , Apple and the FOSSers to have a "hack me if you can competition". Do these exist? Or is this what CERT is for...

I have been to conferences with the "the wall of shame" running and it is informative - if techies are this bad, what must the world be like?.

But the whole commercial incentive is to ignore bugs until you are forced to deal with them. This is different from not having the staff as there is no liability attached to bad code.

It is a culture thing that airplane manufacturers and rocket builders tend to demonstrate.

P.

2 0 Reply
Friday 12th September 2014 13:37 GMT Hargrove

From the tarpit

From the outset a caveat that I'm a dinosaur, and a fossilized tarpit dweller, but it seems some things are fundamental.

I believe the roots of the lack of understanding noted go back nearly half a century now. The are the result of disastrously misguided perceptions on the part of US Secretary of Defense MacNamara. In defiance of all reason--and despite overwhelming evidence that they were total nonsense--they not only took hold, but have since become rampant global infections.

The idea that functions like project management, systems engineering, reliability, and security are disciplines that can be learned and practiced independent of first hand knowledge and experience of the systems being managed, engineered, made reliable, or secured AND of the user's capabilities, requirements, and operating environment is patent nonsense.

The Salesmen on the Rock Island Line in the Music Man have it right. At the end of the day, "Ya gotta know the territory. . ." If ya don't bridges fall down, road systems and urban areas flood when the monsoon hits, airliners disappear into thin air, and hackers waltz into our IT systems and make off with our credit card numbers and knickers with complete impunity.

3 1 Reply
Friday 12th September 2014 14:32 GMT 0laf

I think things are better than there were but that's all come from the guys working in the trenches forming their own inter-agency networks. Not from this MP led pork barrel.

Cabinet Office still expects the work to be done by everyone else while they stamp their name on the end product and take the credit.

1 0 Reply
Friday 12th September 2014 16:51 GMT Robert Helpmann??

User Error

"The current cyber security skills initiatives have been focused on providing the skills for individuals employed in cyber security roles... which does not address the need to improve the security awareness and skills of everyone involved in the design, production and USE of software-based systems.

Emphasis added. This is the most seldom addressed area of security and, as a consequence, one of the most easily exploited. Amen, brother.

1 0 Reply