CSO

The Internet is (still) overflowing with news stories, blogs, pictures and videos about Governor Sarah Palin. Politics aside, everyone seems to have a new angle on her email account getting hacked or her latest appearance on Saturday Night Live (SNL). Are there lessons here for security professionals? You betcha!

In a recent government technology conference, Frank Abagnale, whose life was the subject of the movie "Catch Me if You Can," said that there is minimal risk for criminals involved in identity theft. He said only about 1 in 700 thieves are caught and charged.

We've all heard war stories of Internet hot spots that are actually too hot (with bad guys capturing keystrokes). And yet, millions of web surfers use this convenient, free online access every day.

What should be the message from the security community? More important, what are you and your colleagues doing?

Despite major progress over the past decade regarding digital government, a recent report by the Brookings Institute claims that e-Government progress has fallen short of expectations. While powerful success stories abound, the report highlights areas needing improvement.

The National Institute of Standards (NIST) hit a big milestone last week with the release of a mandated Internet Protocol version 6 (IPv6) specification for the federal government. The Office of Management & Budget (OMB) now want products and services that are built to the new specs.

I never cease to be amazed by the new scams that are released. I don't know who these bad guys hire, but it almost seems as if they hire their own PR firms to help them figure out what Internet tricks to try next. Most of these eventually show up as alerts from major security vendors, but by that time, the scammers have already moved on to the next idea.

McAfee's Avert antivirus labs found that almost half of all password-stealing Trojan software detected in the last year target multiplayer online games like "World of Warcraft," "Everquest" and "Lineage." Just a game? No big business and big money.

As the election stories heated up during August, a number of articles appeared around the country regarding roles and responsibilities in cyberspace - and especially on cyber security. While everyone wants more money, two different camps have different approaches to the question: Should the government do more?

What does it take to be a successful CSO or CISO? While there are entire books on this topic, one important attribute is to think like an entrepreneur. No, I'm not talking about starting a side business. I am talking about a focus on the customer, confidence, energy, perseverance, integrity and care for others.

Lately, my email box has been filling up with seminars, newsletters and scary ads pronouncing that the next generation of information security problems has arrived. Is this just hype or something more?