Monday, May 29, 2006

Recommended Reading on Federal IT

CIO Magazine absolutely hammered government IT in its lengthy story Federal I.T. Flunks Out. You wouldn't read that news in FCW. Commenting on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem is this former IRS CIO:

"Ultimately this is a security threat," says John Reece, a former IRS CIO and now a consultant to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 federal government. "If we can't get beyond cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 legacy systems we have today, while our enemies are starting off with state-of-cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365-art technology, what's going to happen is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y're going to absolutely tear us to pieces again."

Wrong. It's not a security threat. Poor IT management is a vulnerability. Argh.

2 comments:

Anonymous said...

Wrong.
"Threat" -- one that is a potential danger or menace.
Do poor management practices create an event or situation of potential danger or menace? Yes.

Richard, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 quote you provide uses cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 modifier "this" as a pronoun. The poor word choice and usage displayed here is called a dangling modifier, something he should have learned by fifth grade:
"Ultimately this is a security threat...". What is a security threat? No one knows from that statement, because of his poor word choice.

You two need to learn some proper english, which is very difficult for most techies.
He is using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 term 'threat' correctly as a situation that is a potential danger or menace. But his lazy usage includes 'this' as though it were a meaningful subject, which it is not.
You, on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r hand, simply misunderstand cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 words 'threat' and 'vulnerability' and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir usage. Here is a statement that is correct: while poor IT management allows software and hardware vulnerabilities on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 network to exist, IT management itself is not a vulnerability. It may be a lazy practice, but it is not a vulnerability.

Richard Bejtlich said...

Here's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 full quote:

"Ultimately this is a security threat," says John Reece, a former IRS CIO and now a consultant to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 federal government. "If we can't get beyond cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 legacy systems we have today, while our enemies are starting off with state-of-cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365-art technology, what's going to happen is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y're going to absolutely tear us to pieces again. I say this because I, and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rs like me, give a big damn about what we've been trying to do, and we would like to see this stuff get cleaned up before it's too late."

"This" seems to refer to "legacy systems". Legacy systems are not a threat. Legacy systems expose vulnerabilities.

"Poor management practices" do not create threats, eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r. They create vulnerabilities.

Your own definition says "one that is a potential danger or menace." One sounds like a "party" to me, as is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 case with my previous threat definition.

I honed my English getting a master's degree from Harvard. :)