Dear Mr. Assange,
It is difficult to fathom the motivation or thought process behind your
vitriolic, abusive posting regarding the "1996 CSI/FBI Computer Crime and
Security Survey." I also wonder if you have ever actually looked at the survey
itself. Nevertheless, since you have chosen to post your attack without
eliciting any comment or clarifiction from CSI, I feel compelled to respond. The
survey has received wide and serious attention from many people, including
leading authorites on information security, law enforcement officials,
information security practitioners in corporations, government agencies,
universities and other organizations, as well as journalists from legitimate
media (e.g, Wall Street Journal, Reuters, Knight-Ridder, CNN, etc.)
I guess we are to assume that all of them have been sadly mistaken and dupped,
and you alone have at last revealed our work to be a "flawed and useless study"
conducted by "incompetent morons" or liars "intending to deceive."
FYI, several other recent studies conducted by Ernst and Young LLP, the American
Society for Industrial Security, Michigan State University and the U.S. General
Accouting Office all revealed a serious problem and reached similar conclusions.
If you chose to disregard the findings of all these studies as well as the
responses of information security pratitioners in 428 organizations, including
Fortune 500 corporations, government agencies, medical and financial
institutions, you are free to do so. But luckily, others who are responsible for
the security of both the internal networks of their organizations and the shared
information infrastructure are aware of the nature of the problem and welcome
serious attempts to provide data.
Since, as mentioned above, you have probably not made the effort to actually
review our work, allow me to quote from the preamble:
"Does the CSI/FBI survey answer every question? No. Is it the final word? There
never will be a final word. Is it "scientific"? No. But it is an extensive,
fascinarting snapshot of the 'facts on the ground' for the 428 organizations
whose information security profesionals took the time to answer 39 touchy
questions--and as such, it is an important indicator of the overall range of
thrats and level of preparedness in cyberspace. Hopefully, it will lead you to
ask the same questions for the sake of your own organization and measure the
situation against that of our respondents."
Computer Security Institute