Essay on Security: Hindsight is 20-20

Companies in the news for security breaches are now benefiting from their newfound hindsight, gained by way of a lack-of-security point of view. These views come at a very high cost, and it should come as no surprise that many companies will continuously and gratuitously benefit from those views. The reason I believe this is that companies just don't get it. At the cost of millions of dollars spent post-compromise, companies rush off to apply band-aids where sutures are needed. Anyone with a connection to the Internet who has viewed any form of news site in recent weeks has come to know their names: RSA, Sony, Nintendo, L3, Northrop, and the list goes on and on.

Where do these companies go wrong? With so much already being
…
This is definitely the case with companies like Citibank, which was compromised recently [2], and Bank of America, which gets compromised quite often [3,4,5].

Unfortunately, there is no immediate cure for security woes; however, there are real-world mechanisms to minimize, even reduce, the risk to numbers not even mentioned in most guidelines and/or certification books. The problem with these cures is that too many security managers and C-level types truly don't care to implement them. It seems to be "wasted dollars" for security managers and C-level types, since they cannot measure ROI on voodoo metrics. You know those voodoo metrics well; they are usually cleverly scrawled across every security management level certification you could find: ALE = SLE x ARO or ROSI = R - ALE, where ALE = (R-E) + T. Too many security charlatans have flooded the security arena with this nonsense for too long.

Can we state that Citi, BofA, L3 and others never used these metrics? If they state that they did not, they would be hurting their reputation. We can infer that the outcome of these metrics is useless, and this is as obvious a statement as "tomorrow is another day." So how does the security industry change this backwards approach to security while keeping costs low and security measures high? Simple: take a different approach to security as a whole.

In a recent case, [6] a judge ruled that a bank was not
