DCD@CUNYVMS1.BITNET (07/16/89)
I am actively involved with a large microcomputer BBS for Mechanical Engineers (CIME-ISE, 608-233-5378). I will be giving a talk on the BBS at the International Computers in Engineering Conference this August in Anaheim, and am preparing a piece that will appear in the magazine Mechanical Engineering, the main organ (as they say) of the American Society of Mechanical Engineers (circ. approx. 130,000).

I understand that the messages here are in general somewhat academic and technical, but perhaps the following line of discussion may spark some interest. I am intrigued by what can only be called the return of MIS: we all know the corporate Kulturkampf that took place not so many years ago when microcomputers became readily available--the MIS people (in large corporations) kicked and screamed, but eventually their power was diluted. Now, I am seeing reports that their day has returned. Relatively techno-illiterate upper management sees reports on viruses in Time, etc., and puts a call in that all decisions on software must be blessed from a newly powerful management structure.

Consider the following case, which I consider emblematic: a project engineer at a large chemical installation plant can

1) sign off on $50,000 daily, but if he wants a $200 copy of WordStar, e.g., he must ask his piping supplier to buy it and bury it in an invoice;
2) he must use some cock-a-mamie line editor on his central computer; he, and many other engineers, circumvent this by burying their favorite programs on some hidden directory (of course against company policy);
3) he is being hassled about using the engineering BBS, and all BBS's in general. A valuable resource is being maligned and his productivity will suffer.

I have no doubt that such corporate shenanigans are taking place all the time, and would be interested in any comments.

Thanks for your time in reading this,

Robert Braham
E-mail: DCD@CUNYVMS1.BITNET
Home: 1315 Third Ave., 4D
      New York, NY 10021
      (212) 879-1026
ignatz@att.att.com (07/21/89)
In article <0004.y8907171856.AA19378@ge.sei.cmu.edu> DCD@CUNYVMS1.BITNET writes:
>.... I am intrigued by what can only be called the return of MIS:
>we all know the corporate Kulturkampf that took place not so many years
>ago when microcomputers became readily available--the MIS people (in large
>corporations) kicked and screamed, but eventually their power was diluted.
>Now, I am seeing reports that their day has returned. Relatively
>techno-illiterate upper management sees reports on viruses in Time, etc.,
>and puts a call in that all decisions on software must be blessed from a
>newly powerful management structure.
> [A few examples elided]
>
>I have no doubt that such corporate shenanigans are taking place all
>the time, and would be interested in any comments.
>
>Thanks for your time in reading this,
>
> Robert Braham
>E-mail: DCD@CUNYVMS1.BITNET
>Home: 1315 Third Ave., 4D
> New York, NY 10021
> (212) 879-1026

I trust Robert reads this group; otherwise, well, he won't see this.

I'm a consultant in the Chicago area, and have been for almost 11 years now. This means I get to encounter the MIS and computer policies of a number of different firms, both Fortune 500 and small ones. Most definitely, the MIS departments are attempting to re-assert their control over computing resources, and use of the current panic concerning possible viruses, worms, and other infestations by crackers is one of the prime tools.

Unfortunately, these organizations often have little or no knowledge of the needs of the long-alienated users who now must clear requests through them; many are traditional IBM mainframe managers, who now must deal with the bewildering plethora of packages and utilities available to the micro- and mini-computer user. The (unfortunate) result is that often, only a very few programs and packages are considered 'authorized', and restrictive (and usually unnecessary) controls are placed on procurement and use.

Even worse are some organizations who have installed usually unqualified personnel in the newly-created office of "Computer Security." In one unnamed company, this person was a lawyer whose qualifications were that he knew how to use Lotus 1-2-3. Period. In these cases, it's particularly difficult to express the difference between accepting a source copy of a public domain program, and a binary copy--this person passed down a directive that *all* PD software was to be scrubbed ASAP on all corporate machines. It took a **long** training session to explain the difference in verification capabilities, and why we really could safely review and use PD sources.

I'm in the position to argue with, and (often) successfully educate such organizations; but this is difficult for "real" employees, since such directives often come from individuals who are high enough in the hierarchy to make disagreement a somewhat risky proposition. Also, the decision makers at this level may well not be computer literate themselves, and have neither the time nor the desire to do so--they want clear, concise advice from their experts, who are often those disenfranchised MIS people. (Who are often not qualified themselves...see above.)

This is not a happy-making situation, and I don't have a blanket answer. I think what, perhaps, will give us all the best ammunition to counter the rising hysteria is a clear, well-written text that is targeted at the intelligent layman, describing exactly what the attack vectors are, and what approaches can reasonably protect a distributed computing environment without unnecessary stifling of creative use or access to valuable programs.