Taking the Security Message to the Suits
Security talk may turn off upper-level management and that's a big problem warned speakers Wednesday at the Security Decisions conference.CHICAGOWhere does the security buck stop? All of the certifications and training in the world wont make any difference to the security of corporate networks if senior managers and top executives dont understand the problems and requirements faced by security professionals, a consultant and former CIO said in a Wednesday keynote speech here at the Security Decisions 2003 conference. "We dont have to make the CISSPs [certified information systems security professionals] smarter, we need to make the suits less dumb," said Thornton May, a member of the executive education faculty at the University of California at Los Angeles and a futurist who spends much of his time speaking with CIOs at large corporations. "Right now, they just dont understand what the problems are. Theyre coming out of business school not knowing that information security is important. We have to change that." In order to do that, May said colleges and universities need to do a better job of instilling in students the importance of security. He suggested that business school students be required to pass an exam of their knowledge of safe computing practices.
"We cant continue to barf out uneducated graduates into the world," May said. "We need to make grads pass a safe computing test. Otherwise, were in trouble."