| Chapter 48 – |
Y2K: Lessons Learned for Computer Security |
Tim Braithwaite
Chapter Contents:
| |
48.1 |
|
Looking Back
|
| |
48.2 |
|
Y2K: The Accusation and a Detailed Rebuttal
|
| |
48.2.1 |
|
The Allegation
|
| |
48.2.2 |
|
The Allegation and the Human Element
|
| |
48.3 |
|
Looking Ahead
|
| |
48.3.1 |
|
Y2K Was Really a Computer Security Issue
|
| |
48.3.2 |
|
Critical Infrastructure Protection
|
| |
48.3.3 |
|
Y2K Lessons Learned
|
| |
48.3.3.1 |
|
Lesson 1: Information and Process Integrity Are Now Believed by Management to be Important to the Business
|
| |
48.3.3.2 |
|
Lesson 2: "Supply Chain" Collaboration for Achieving Mutually Assured Information and Process Integrity Is Now Better Appreciated
|
| |
48.3.3.3 |
|
Lesson 3: Information and Computer Processes Are Important Corporate Assets that Need to Be Rigorously Managed
|
| |
48.3.3.4 |
|
Lesson 4: Y2K Demonstrated that Existing Technical Infrastructure Management Was Poor
|
| |
48.3.3.5 |
|
Lesson 5: Risk Management Must Become a Way of Life
|
| |
48.3.3.6 |
|
Lesson 6: Automated Business Environments Must Be Monitored Continually for New Vulnerabilities, and Their Protection Improved
|
| |
48.3.3.7 |
|
Lesson 7: Y2K Became a Due Diligence Issue for the Board and So Will Computer Security
|
| |
48.4 |
|
Making Computer Security an Issue for the Board of Directors
|
| |
48.5 |
|
Thirteen Steps for Board Oversight
|
| |
48.6 |
|
Challenges to be Overcome
|
| |
48.7 |
|
Critical Infrastructure Protection Issues That Need Resolution
|
| |
48.8 |
|
Conclusion
|
| |
48.9 |
|
Notes
|
|
|
|
