Where does the security buck stop? All of the certifications and training in the world won't make any difference to the security of corporate networks if senior managers and top executives don't understand the problems and requirements faced by security professionals, a consultant and former CIO said in a Wednesday keynote speech here at the Security Decisions 2003 conference.. . .
Where does the security buck stop? All of the certifications and training in the world won't make any difference to the security of corporate networks if senior managers and top executives don't understand the problems and requirements faced by security professionals, a consultant and former CIO said in a Wednesday keynote speech here at the Security Decisions 2003 conference.

"We don't have to make the CISSPs [certified information systems security professionals] smarter, we need to make the suits less dumb," said Thornton May, a member of the executive education faculty at the University of California at Los Angeles and a futurist who spends much of his time speaking with CIOs at large corporations. "Right now, they just don't understand what the problems are. They're coming out of business school not knowing that information security is important. We have to change that."

In order to do that, May said colleges and universities need to do a better job of instilling in students the importance of security. He suggested that business school students be required to pass an exam of their knowledge of safe computing practices.

The link for this article located at eWeek is no longer available.