CSO

The online world is full of 2006 recaps and 2007 technology predictions. I'll start with my perspectives on 2006 ...

We've all read stories about some of the new kids on the block. They've grown up as the tech savvy gamers that are now entering the work force with different values and expectations.

One colleague from a major consulting company told me that the "inappropriate surfing" problem was so bad in their company that they just stopped all web filtering, with the exception of spyware, etc.

Just a quick reminder that you have one week--that's right, seven more days--to submit a nomination for the 2007 Compass Awards.

Depending on who you talk to, the Federal Information Security Management Act (FISMA) is either the greatest thing in the world or a government bureaucratic mess. Is FISMA coming soon to a state or local government near you? Isn't the first word "Federal?"

Why this history lesson? Well, I'm back to worrying about culture again. In fact, changing the culture is still number one on my list of the things that keep me up at night - besides my kids. Over time, I've learned that the big incidents like "Code Red" outbreaks, blackouts, and other front page news, actually present opportunities to garner enterprise support, build momentum, and show what your team can do.

All of this may appear rather obvious to you. Of course, Michigan's government security would come nowhere close to NSA's. Nevertheless, I just had no idea how big the culture shock would be. In the beginning of my state career, I barked out "change those passwords" and "activate your screensaver" orders, like never before. I honestly thought that all that was needed was a few months, or perhaps at most a year or two, of National Security Agency (NSA) indoctrination into the "proper security etiquette" and everything would be set right.

It was an early autumn day in 1997. I had just moved to Lansing two months earlier to become the Director of IT for the Michigan Department of Management & Budget (DMB). We were busy revising our overly complex Y2K remediation strategies, but something else was bothering me. It was the computer security, or the lack thereof.