| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Sep 2006 08:05:10 -0400 From: "Kenneth F. Belva" <ken@...security.com> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Could InfoSec be Worse than Death? [From: http://www.bloginfosec.com] Our current way of viewing information security is loss prevention. It is an insurance model. And, although insurance is useful and necessary, senior managers are not likely to spend one dollar more than necessary to obtain the needed protection. After all, information security doesn’t make money–it only spends. Why is it so hard to convince management to spend on security? This is not a new problem. In Woody Allen’s 1975 classic “Love and Death”(1), he writes: “There are some things worse than death. If you’ve ever spent an evening with an insurance salesman, I’m sure you know exactly what I mean!” There is an alternative: Virtual Trust(2) as an information security model. According to the Virtual Trust model, security actually creates business and generates revenue. The VT model can be expanded to describe the breakdown of all modern day computing (via worms, viruses, phishing) since these nefarious activities weaken trust. VT can also explain positive business changes such as the creation of digital assets via DRM (iTunes, Unbox) whereas the insurance model cannot fully. (1) http://en.wikipedia.org/wiki/Love_and_Death (2) http://www.ftusecurity.com/pub/VT-belva-dekay-final.pdf _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists