How much money do you suppose organizations are spending on preventing every little insecure behavior they can think of (such as using P2P, copying files to and from removable media, etc.), when they could save more just by being stronger on enforcement?
What’s the cost-benefit ratio of firing someone and replacing them (or at least writing a reprimand letter) versus buying a whole bunch of desktop monitoring and application control software?
I’m starting to think that if they would actually drop the hammer on people for doing stupid things, we would get better security in the long run.
But maybe I’m just channeling Marcus Ranum again.Posted by shrdlu on Tuesday, November 28, 2006
(2) Comments • Permalink