Donn B. Parker

What's Wrong With Information Security And How To Fix It
Sp-421 on 28 April 2005, 1500-1550

Our objective of probabilistic risk reduction through risk management is conceptually invalid. Our conceptual model of information security is likewise incomplete, inconsistent, and incorrect. We must replace our current conceptual model with a far more manageable, complete, and valid one, and change our objective from security risk reduction to due diligence, compliance with legal and regulatory requirements, and business enablement. This protects us and management from negligence and may, serendipitously, reduce security risk.

About Donn B. Parker
Donn B. Parker, CISSP, is a retired senior information security consultant at RedSiren Inc. (spun off from SRI International) in Menlo Park, California. He has received most of the awards possible in information security and computer crime research during 35 of his 50 years in the computer field. He has written numerous books, papers, articles, and reports in his specialty, based on interviews of more than 200 computer criminals and security reviews of 250 large corporations. His sixth book, Fighting Computer Crime: A New Framework for Protecting Information, with a foreword by William H. Murray, was published by John Wiley & Sons in 1998.