lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4517C5F6.1030904@ftusecurity.com>
Date: Mon, 25 Sep 2006 08:05:10 -0400
From: "Kenneth F. Belva" <ken@...security.com>
To: bugtraq@...urityfocus.com,  full-disclosure@...ts.grok.org.uk
Subject: Could InfoSec be Worse than Death?

[From: http://www.bloginfosec.com]

Our current way of viewing information security is loss prevention. It
is an insurance model. And, although insurance is useful and necessary,
senior managers are not likely to spend one dollar more than necessary
to obtain the needed protection. After all, information security doesn’t
make money–it only spends.

Why is it so hard to convince management to spend on security?

This is not a new problem. In Woody Allen’s 1975 classic “Love and
Death”(1), he writes: “There are some things worse than death. If you’ve
ever spent an evening with an insurance salesman, I’m sure you know
exactly what I mean!”

There is an alternative: Virtual Trust(2) as an information security
model. According to the Virtual Trust model, security actually creates
business and generates revenue.

The VT model can be expanded to describe the breakdown of all modern day
computing (via worms, viruses, phishing) since these nefarious
activities weaken trust. VT can also explain positive business changes
such as the creation of digital assets via DRM (iTunes, Unbox) whereas
the insurance model cannot fully.

(1) http://en.wikipedia.org/wiki/Love_and_Death
(2) http://www.ftusecurity.com/pub/VT-belva-dekay-final.pdf

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ