Essay on Security: Hindsight is 20-20
Where do these companies go wrong? With so much already being …
Unfortunately, there is no immediate cure for security woes; however, there are real-world mechanisms to minimize, and even reduce, the risk to numbers not even mentioned in most guidelines or certification books. The problem with these cures is that too many security managers and C-level types truly don't care to implement them. To security managers and C-level types they look like "wasted dollars," since they cannot measure ROI on voodoo metrics. You know those voodoo metrics well; they are cleverly scrawled across every security-management certification you could find: ALE = SLE x ARO, or ROSI = R - ALE, where ALE = (R - E) + T. Too many security charlatans have flooded the security arena with this nonsense for too long.
Can we state that Citi, BofA, L3 and others never used these metrics? If they stated that they did not, they would be hurting their reputation. We can infer that the outcomes of these metrics are useless, and this is as obvious a statement as "tomorrow is another day." So how does the security industry change this backwards approach to security while keeping costs low and security measures high? Simple: take a different approach to security as a whole.
In a recent case, a judge ruled that a bank was not