It could be only lip service, but I find great irony in the notion that Russia's president-elect, Medvedev, seems to understand the importance of the rule of law far better than our own American president.
In an interview with the Financial Times last week (see Laying down the law: Medvedev vows war on Russia’s ‘legal nihilism’), Medvedev discussed the importance of the rule of law.
Mr Medvedev insists Russia can build the rule of law, outlining a three-point plan. The first step is to assert the law’s supremacy over executive power and individual actions. The second is to “create a new attitude to the lawâ€.“We need to make sure that every citizen understands not only the necessity and desirability of observing the law, but also understands that without [this] there cannot be normal development of our state or society,†he says.
Later in the interview he goes on to say:
“The only way that Russia can count on having the supremacy of the law is in a situation where the powers-that-be respect the independence of courts and judges,†says Mr Medvedev.
The International Herald Times also comments on the FT interview (see Medvedev pledges support for rule of law in interview with British newspaper), saying:
Medvedev told the Financial Times in an interview published Tuesday that he plans to strengthen the rule of law by bolstering the independence of courts and demanding respect for the constitution. He said Russia could not develop economically unless judges can interpret the law without interference.
So, I ask you this: if Russia's newest elected leader, who's come from the shadows of a man that's arguably rolled back much of the progress in Russian politics achieved in the 90s, can see the apparent value in the rule of law, then why, oh why, can't the bloody Neoconservatives understand the same point? Moreover, it's great to see the connection between holding executives responsible under the law, too, instead of just applying them to the common person.
As a security practitioner, I would argue that people need to understand the "necessity and desirability of observing" policies, standards, and security best practices. If you do not act responsibly, then bad things will happen. Data exposures are not a result of inadequate technology today, but rather stem directly from poorly defined policies, standards, and practices, and an even worse adherence to those norms. Furthermore, data that isn't directly tied to the bottom line of organizations is often afforded second class protection, even if it's credit card numbers or social security numbers.
Change must start with people and processes. The technology has not been a valid limitation for a considerable period of time now.