What Does the Financial Meltdown Mean for Security?
This week in FUD Watch: Senior Editor Bill Brenner wonders if it's irrational or appropriate to make connections between the current financial crisis and the state of security.
Here is what I posted on linkedin.com last week:
700 billion dollar information security bailout?
The parallels between the financial crisis the US currently finds itself in and the state of information security are uncanny. I could run down the list and provide a line-by-line comparison of the failures in both areas. For example:
1). Failed regulatory oversight (SOX, HIPAA, GLBA)
2). Failed self-regulation (PCI, ISO)
3). Failure for consumers to manage risk (education, awareness)
4). Failure for companies to manage risk (risk analysis, awareness)
5). Failure for the current bailout to protect the consumer (no need to explain)
6). Reaction only when a threat is upon us (building security in vs slap on)
In both situations, the consumer is talked about...held up as the main focus, but the actions do not seem to support protecting them. Look closely at our privacy laws, security laws and identity theft laws and you can see the lack of any real consumer-based legal causes of action that are available.
Do you see any opportunity to leverage the current crisis to finally focus on the consumer privacy and security rights? At a time when the government is calling upon greater oversight and regulatory authority, should the security industry be lobbying to get the consumer protections front and center?