[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4517C5F6.1030904@ftusecurity.com>
Date: Mon, 25 Sep 2006 08:05:10 -0400
From: "Kenneth F. Belva" <ken@...security.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Could InfoSec be Worse than Death?
[From: http://www.bloginfosec.com]
Our current way of viewing information security is loss prevention. It
is an insurance model. And, although insurance is useful and necessary,
senior managers are not likely to spend one dollar more than necessary
to obtain the needed protection. After all, information security doesn’t
make money–it only spends.
Why is it so hard to convince management to spend on security?
This is not a new problem. In Woody Allen’s 1975 classic “Love and
Death”(1), he writes: “There are some things worse than death. If you’ve
ever spent an evening with an insurance salesman, I’m sure you know
exactly what I mean!”
There is an alternative: Virtual Trust(2) as an information security
model. According to the Virtual Trust model, security actually creates
business and generates revenue.
The VT model can be expanded to describe the breakdown of all modern day
computing (via worms, viruses, phishing) since these nefarious
activities weaken trust. VT can also explain positive business changes
such as the creation of digital assets via DRM (iTunes, Unbox) whereas
the insurance model cannot fully.
(1) http://en.wikipedia.org/wiki/Love_and_Death
(2) http://www.ftusecurity.com/pub/VT-belva-dekay-final.pdf
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists