0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 About

Senior Paper

continually improving and evolving.

Tomhave 17

There is more to continuous improvement than just measurement, however.

Another part is defining process, with the goal of determining best practices. What this

means is that the business and the technologists need to identify how things are done

and determine, through the use of benchmarking, the optimal state of these processes.

Once this task has been completed, it is then necessary to go back after a set interval

of time and re-evaluate processes to see if they are still the best practices. Sometimes

the business will have changed, requiring the processes to be changed. Or, in the

case of security, new advances either in hacking or in security technology may require

new practices.

Finally, the last part of continuous improvement is defining and improving

communication vehicles. For the security community, these vehicles are often seen in

the forum of vendor-initiated bulletins, CERT bulletins, CIAC Notes, etc. Often times

these vehicles arrive via email. For the business, there are also vehicles such as

newsletters, intranet sites, physical bulletin boards, etc. Regardless of the kind of

vehicle, the point is that the business needs to define the vehicles in order to

determine how information and knowledge is distributed. For those in security, this is

a key to addressing problems and even proactively addressing issues. By

communicating with others, security issues can be defined and solved before

members of hacker communities are able to make use of these techniques.

When taken together, these solutions form a comprehensive, proactive

approach to addressing security concerns, whether they exist now or in the future. The

problem lies within the system in that students and administrators are not currently

being taught why certain methods are used. Or, perhaps more correctly, the

importance of knowing "How-come" has not been dully impressed on the minds of

future administrators. As a result, we live in a generation of administrators who rely on