The InfoSec Blog
18Aug/09

8 Dirty Secrets of the IT Security Industry – CSO.com

Bill Brenner wrote an article that covers some security consulting in general and PCI DSS in particular.

Image: The Information Security triad: CIA. Second ve... (via Wikipedia)

Do make note of points 1, 3, and 6.
I particularly appreciated the subtext of the wording of #1.

Vendors don't need to be ahead of the threat, just the buyer.

We all know the story of the two campers and the bear, but this is an interesting variation. We've just discussed Mr Carr screaming about how he wasn't told by his security staff that there were more threats.

Yes but ... It's not the security staff that set the budget or make the buying decisions. Look: it says "buyer", not "customer".

How often have you had your security advice overridden for any one of a number of reasons? It's not you doing the BUYING, is it?

And why do you think that the saleswomen wear suits and talk in that stupid language using terms like "solution" (oh-ho, watch out, here comes Les...) and "bottom line" and other stuff that has nothing to do with InfoSec.

'Cos it isn't YOU doing the buying.

At best they throw you a bone since you might be an 'influencer' - more salesman-speak. (But 'influencer' is too close to 'influenza' which is why they don't get too close to you...)

Meanwhile, you're talking to your manager about all these nasty things like threats and the possibility of embarrassment in the press and lawsuits, while that nicely dressed saleslady is talking sweetly about nice things such as profit and success and suchlike.

Image: Marcus J. Ranum (via Wikipedia)

Let's face it, the game is semantically rigged against us.

Like Marcus Ranum says,

"Given a choice between dancing pigs and security, users will pick dancing pigs every time."


"Oh look http://pics4.city-data.com/cpicc/cfiles34082.jpg hey, that's neat, I didn't know they could do that...."


Posted by antonaylward
