1) don't do it at all. Vulnerable families remain vulnerable to organised crime and we have systemic weakness to state and/or vandal attack (worms, botnets or whatever else.)
2) Government does it, in public, performed by public servants, with appropriate guidelines that are enforced under pain of criminal prosecution. This has the opportunity to shame and possibly sue ISPs who provide default routers that suck giving indirect systemic benefits.
3) Private enterprise does it. Facebrick and Gogglers being the obvious candidates who one would think would just love to get in there, probably with the same checks and balances they've enjoyed so far.
4) Some rumsfeld style unknown unknown, beyond my limited imagination - really keen to hear if anyone has an idea here.
I absolutely agree with you that the number of people in positions of power who are completely f&^ing clueless about the domain over which they make decisions is astounding and a huge, massive problem. It still isn't required to have someone who knows what a usb drive is on your board of directors while they sign billion dollar contracts with Oracle, IBM Global Services, Accenture and whoever else has the best con, for example. Same for public service IT consulting contract ripoffs of which ripoffs utterly dominate the space.
So the "expert" minister thing you raise is really bad. Just as you say it is in fact and must be remedied across the board in all countries.
And I'm still going with (2) govt. doing it, with public scrutiny as the best of the available options.
Although I agree with the base of your point, I think it is worth noting that there are likely plenty of folks underneath him with the knowledge to sway policies and implement them. In other words, a department can still be functional and even successful if their boss listens and applies the ideas offered.
>Although I agree with the base of your point, I think it is worth noting that there are likely plenty of folks underneath him with the knowledge to sway policies and implement them.
True, and while I understand that high level officials do not necessarily need to be able to write code or explain the difference between public and private key crypto, they should have a base level of understanding to make decisions on the materials prepared by their employees.
I don't think someone who isn't familiar with the concept of a USB drive is at that base level of understanding.
I agree - nobody needs to be a crack in any area, but whoever will take decisions needs at least a base understanding of the theme to judge the validity of the foundations on which those recommendations are based upon; anybody could be a manager if blindly following recommendations by subordinates would always end up in the best choice.
EDIT: but "Gpetrium"'s statement is actually still correct ("a department can still be functional and even successful if their boss listens and applies the ideas offered") - maybe from this perspective it's more a "must" for a successful manager, but, after the "listening" comes the "judging" and that MUST be based on own know-how.
Recently saw a pentester post stating that entry occurred when she asked a person to print something from usb which required showing the employee how to identify the usb once plugged in etc. (Baseline may be terrifying)
1) don't do it at all. Vulnerable families remain vulnerable to organised crime and we have systemic weakness to state and/or vandal attack (worms, botnets or whatever else.)
2) Government does it, in public, performed by public servants, with appropriate guidelines that are enforced under pain of criminal prosecution. This has the opportunity to shame and possibly sue ISPs who provide default routers that suck giving indirect systemic benefits.
3) Private enterprise does it. Facebrick and Gogglers being the obvious candidates who one would think would just love to get in there, probably with the same checks and balances they've enjoyed so far.
4) Some rumsfeld style unknown unknown, beyond my limited imagination - really keen to hear if anyone has an idea here.
I absolutely agree with you that the number of people in positions of power who are completely f&^ing clueless about the domain over which they make decisions is astounding and a huge, massive problem. It still isn't required to have someone who knows what a usb drive is on your board of directors while they sign billion dollar contracts with Oracle, IBM Global Services, Accenture and whoever else has the best con, for example. Same for public service IT consulting contract ripoffs of which ripoffs utterly dominate the space.
So the "expert" minister thing you raise is really bad. Just as you say it is in fact and must be remedied across the board in all countries.
And I'm still going with (2) govt. doing it, with public scrutiny as the best of the available options.