Wednesday, October 22, 2003

Rudy Giuliani, White Hat?

Recently former NYC governer Rudy Giuliana announced a partnership with Ernst & Young to offer digital security consulting. This follows last year's alliance with Giuliani's own consulting practice. Here's the best part of the story:

Competitors of the new enterprise greeted Mr. Giuliani into their midst warily.
"What is he really bringing to the table as far as the security business part of it?" asked Chris Wysopal, the director of research and development for @stake, a company that also provides so-called white-hat hacking services.
"I'm not too worried," he said. "When we say, `We talk business,' it isn't like going out to the golf course. It's showing real numbers, and having the data to back it up."
So, Mr. Giuliani, could you comment on the BIND vulnerability that was exploited to threaten the root server system?
"I could make a comment on the Cubs game tonight," he said with a laugh, speaking by phone from Chicago.
And that is as it should be, said Allan Carey, an analyst with IDC, a research company. "He's talking on a different level; he's speaking to executives."

This story on a new report by the Economist Intelligence Unit quotes the foreward Rudy wrote for the report:

"$10m spent on corporate security will hit the bottom line today and may not show its worth for many years. But when a security incident does occur, that investment will pay for itself many times over. As mayor of New York, I remember thinking that the hundreds of millions of dollars we spent preparing for Y2K might have been wasted ... On the morning of 11 September, I realised that it wasn't. Having thought our way through a complete breakdown of the city's systems, we had the backups that allowed us to get a new command centre partly operational within two hours. Similarly, all of the work we did over the previous few years in preparation for a terror attack - including the drills, the tabletop exercises, and the creation of an emergency management centre - proved invaluable."

No comments: