This all-too-brief paper is divided into four parts: (1) Introduction, (2) Evolving Awareness of Need, (3) Reactions of Organizations, and (4) Best Practice. As the author states, “The purpose of this paper is to convey the observations and impresssions gathered by Geneva Management Group." Polis is cofounder and general manager of Geneva Management--a Swiss consulting firm specializing in the area of information security. Such a broad purpose, even with creditable expertise, is doomed to vagaries and generalities in a paper that is only four pages long.
Part 2 contains vague references (without citation) to well-publicized security breaches. Generalities, of no serious insight, and non sequiturs abound in the third part. Actually, the last section is where substantial discussion begins and meaningful insights are given. But, alas, the level of competence of the author does not seem to be reflected in the depth of his paper. Shallow methodology and unexplained terminology are barriers to even the most dedicated of readers. The paper is not recommended reading; but keep Polis on your list of promising experts and writers in the area of computer security.