Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

Thought for the day.

How much money do you suppose organizations are spending on preventing every little insecure behavior they can think of (such as using P2P, copying files to and from removable media, etc.), when they could save more just by being stronger on enforcement?

What’s the cost-benefit ratio of firing someone and replacing them (or at least writing a reprimand letter) versus buying a whole bunch of desktop monitoring and application control software?

I’m starting to think that if they would actually drop the hammer on people for doing stupid things, we would get better security in the long run.

But maybe I’m just channeling Marcus Ranum again.

Posted by shrdlu on Tuesday, November 28, 2006