I think the success or failure of such a role will depend on the same factors that make Information Security work in the private sector - commitment from the top and buy in from the major stakeholders. There seem to be alot of unanswered questions, besides who will hold the post, such as what level of authority the position will hold, what kind of budget it will control and if it will be more than a single point of coordination for existing agencies.
Protecting a business is difficult enough, ensuring there is adequate resources, executive support is maintanied over time along with continuing co-operation from various departments and divisions. Protecting a country, where there is a history of inter-agency antagonism and where private industry hold so much power of parts of the critical infrastructure is a mammoth task.
I wonder how long it will be before our government decides they too need someone in charge of information security? If they do, I can only hope it is handled better than the National Braodband Network and the government web filter. Experience suggests otherwise however...
==
As an update there is a great opinion piece on the history of the 'cyber-czar' and what it may amount to here
0 comments:
Post a Comment