Back to school . . . and . . . is Information Security hopeless?

August 13th – even though I taught during the summer, there’s always some excitement in the air when Fall Semester starts, and this is no different.  Since I don’t teach any freshman classes this semester, I won’t get to see any excited young faces in class, but there’s still a newness that makes Fall seem different.

I do hope to resume blogging on IT and, in particular, Information / Cyber Security, and to up that to several days a week.  With that in mind, an article in today’s ComputerWorld online caught my eye, and it’s a real eye-opener.  This article (9 popular IT security practices that just don’t work) really questions not only the practices that corporations and organizations deem to be crucial to IT security success, but also the foundations of what I and other professors teach (or is it, preach?).  From using lengthy passwords to “patching is no panacea” to “your firewalls provide little protection,” the suggestion that apparently none of these work is a scary proposition.  I’ll admit that we’re always seemingly two steps behind the bad guys, and that’s something that may not change for the foreseeable future.

However, there is no doubt that I (and other security professors) will continue to teach these concepts.  I think that what we’re going to have to do is still encourage students to follow these practices, but ensure that they understand that while there’s just no perfect solution to solving the overall problem of cyber security, to just throw our hands up and give up is no solution, either.