The five part article by Craig Timberg published by the Washington Post in 2015 dramatically illustrates some of the core reasons why information and internet security is the problem it is today. Timberg covers a lot of ground, including why some critical systems were not designed with security in mind, and why they are effectively unfixable today. He also highlights the strong incentives that have technology vendors focused on features but lagging in the security domain. All in all, the view Timberg presents is pessimistic.
Despite this daunting prospect, many organizations are effectively implementing information security policies and practices, and are maintaining good defenses against malicious actors. Most such organizations use a variety of policies and practices covering employee education and incentives (such as those studied in the Siponen (2009) paper), technological resources, management attention, and an openness to ongoing improvement to stay ahead of the attacks. After reading this perspective, do you agree with Timberg’s pessimistic perspective, or are you more optimistic about the future of the internet, information technology, and where it appears to be going in the next five to ten years? Spend some time reflecting on this, and summarize your reactions to this article and its perspectives in. Next, consider how you might use this information to educate or inform an organizational leadership team about the nature of information security today. Provide some thinking on how you might leverage this article in such an activity.