By now, most security professionals have enjoyed a good chuckle about the failing gradeFgiven by the House Government Reform subcommittee to the Department of Homeland Security for its own network security. Its a little like having food inspectors shut down the cafeteria at the FDA for unsanitary conditions. But in fact, according to coverage on DC.internet.com, DHS wasnt the only flunk-out. Seven others, including the Department of Justice, got failing grades for cybersecurity. (The story includes the whole report card.) The truth is, network security is a very tough row to hoe, and it gets tougher every year. In addition to the already daunting tasks that introducing or revamping technological and human systems comprises, new threats and vulnerabilities for those systems hardware, software, data and users crop up faster than runny noses in a daycare. No sooner is the last one under control than three new ones appear. (See Daintry Duffys story Underground Fears in the December issue of CSO magazine.) In another story in CSOs December issue, Safety Measures, Chris Lindquist reports that the coming year is unlikely to see any major advances in security technology. No plug-in fixes to the onslaught of problems. So what are you going to do?Seriously, now that weve all had a good laugh at the expense of, well, our tax paymentsbut thats another disaster storythink about it: What would you do if you were responsible for network security at the DHS? For that matter, what are you going to do at your own company? As a new year approaches with its unrevealed roster of dangers and opportunities, and its tendency to inspire resolve, what will be your top priority for security? And what will be the biggest challenge to your earning a good grade in security in 2004? Let us know.