Message-ID: <j2qf37852831004211444ia6913e4do7b776253f297d2af@mail.gmail.com>
Date: Wed, 21 Apr 2010 14:44:35 -0700
From: Mike Hale <eyeronic.design@...il.com>
To: "Ivan ." <ivanhec@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	security-basics@...urityfocus.com
Subject: Re: Compliance Is Wasted Money, Study Finds

I actually disagree with the conclusions presented by this paper.  I'm
in the process of writing up a more thorough explanation, but my main
issue lies with their key finding on compliance spending.

According to the paper, roughly 40% is spent on directly securing
secrets, and another 40% is spent on compliance of some type.  They
further suggest that half of this compliance spending is spent on
internal compliance, and half on regulatory/external compliance.

Internal security policies are designed to protect the network and the
company's data.  Therefore, reason would dictate that spending on
internal compliance is money spent on securing your secrets (a
fraction of that spending, anyway).  Is it unreasonable to assume that
half of the money spent on compliance with internal policies positively
affects the security of your data?

I find the findings completely flawed.  Am I missing something?

-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
