Posted by: admin, 15 years, 11 months ago
Great post on Not Bad for a Cubicle about the utility of information security. In the case of Security, this means that if someone thinks they have good security, they won’t see much benefit from an increase in protections and will thus be uninterested (or even resistant) to increases in security which have even moderate cost. But if that same person believes they have poor security, then they will perceive great benefit from even a moderate increase in protection and be more willing to invest their resources in efforts which might improve it.
This ties in with my previous post about hedge fund risk. You may think you have great security because you haven't been breached, but in fact you don't, and there is a 100% chance that you will be breached over time.
He notes:
if you actually succeed in getting someone to realize that they are security-poor, that person is probably not going to be happy and you’re probably going to be the first one they look at for an explanation of where all their security “wealth” went.
Which is probably why regulation is the biggest driver of security. If you can say "The FFIEC is now saying we're not as secure as we need to be", then the government is the scapegoat. There is a risk that many companies will seek to comply with the guidelines rather than manage their risks appropriately. They will look to the regulations rather than the potential attacks and the assets being protected.