5 Must-Do Cyber Security Steps for Obama
As President-Elect Obama focuses on two wars and a hemorrhaging economy, security experts are urging him to address five weak security links in America's cyber infrastructure that threaten the nation's defenses and financial institutions.
Great article. I also believe, as more and more Americans do business online, that the net will become a larger and larger target over time. We should be concerned with not only overseas threats but domestic threats as well. Information risk management is something all companies with any sensitive data should consider sooner rather than later. Who knows when, if ever, the Obama administration will address what you set forth.
http://www.abrevity.com/blog/?author=7
How about suggesting that he end the madness, and define SocSec numbers as public - not secrets, so they cease to be usable as proof of identity (and useful to identity thieves).
This has the effect of forcing banks and other institutions to establish their own true authenticators for their customers, and shifts the burden of securing these authenticators to those who profit from the relationship.
SSN was never really a true authenticator in the first place.
It served well its original purpose as a database key, but is not a password. We've let credit bureaus and banks turn it into a password, and are paying the price every time we have to protect it.
An unsustainable situation.
I don't know why we are expecting the government to solve all of the cyber security woes. I believe it is the responsibility of private industry to secure their transactions. I think the government has established clear expectations on the privacy of individuals and it is up to private industry to meet those expectations/regulations. I think the new administration has enough challenges to face without the additional burden of managing security for private industry. Take some accountability and meet the expectations already established of us.
Who picks "cyber security experts"? Get 10 of these guys in a room and you'll end up with 13 different sets of "the 5 most important things to do".
Just publishing "yet another set of essential cyber actions to do" without presenting the basis upon which these are chosen or justifying the source of the recommendations just adds to the fog of policy alternatives and speculation.
How about just a little more than re-emphasizing what was already published in a sister magazine?
Bill's article provides a step in the right direction.
Regarding #2 (Wipe the dust off of older regs), we need more Federal-level legislation (of the preemptive kind) that would set minimum security, forensics, and breach reporting standards across the board. Instead we end up with states passing laws requiring forensic professionals to have Private Investigator licenses.
Regarding #3 (Demand better security training), it should have been titled "Demand better security training and education." Absolutely we need to educate people about security, starting in middle school all the way to retired folks. And while we're at it, how about asking that faculty (or teachers) who provide this education be security certified.
While reading this article, I wonder the perceptual awareness Americans have on whether or not a sizable, radical Islamic attack on US soil is an imminent or far flung possibility. And, if in the offing, how the atrocity will be orchestrated. I ask for roughly a half minute of your time to take the anonymous Poll in the upper right-hand margin of my DECLASSIFIED SECRETS Blog- POLL QUESTION: DO YOU THINK TERRORISTS WILL LAUNCH AN ATTACK INSIDE THE U.S. WITHIN ONE YEAR FROM NOW? IF SO, BY WHAT MEANS?
http://declassifiedsecrets.blogspot.com/
The premise that government should inveigle itself even more than they are now begs the issue that government knows what it is doing. Looking at the president-elect's background and friends would appear to be the wrong thing at this time. The new phrase "distraction" has been directed at the president-elect by the press who hope that Obama be given time to fit in. Hopefully he will take care of the greater problems facing him and the private sector should take care of the security problems. We are better at it than they are.
Now that President Obama is in office, I believe that cyber security should be one of many topics to look at, because everything is wireless now, and there are always new and deadly ways to attack, in both online and offline worlds.