Thursday, September 07, 2006

Mike Rothman Is Right

Mike Rothman is right:

I'm here at the Security Standard conference and I'm seeing the pendulum starting to swing back. What pendulum? The pendulum that swings like a metronome between security as a defense and security as an enabler...

I'll make it very very clear. Security is not a business enabler. It is a cost of doing business. You cannot do new things because of security. You do open up new revenue streams and add value to customers via new applications that reflect new (or updated) business processes. It may be ill advised to put these new business processes on the web without adequate security, but you CAN do it.


In extreme cases of incredible negligence or outright stupidity, a business may deploy an exceptionally insecure application or business process that must be shut down due to overwhelming fraud and theft. Barring those circumstances, however, I agree that businesses are willing to "put these new business processes on the web without adequate security" and suck up some level of "acceptable loss."

Richard Stiennon agrees:

My perspective is that treating IT security like a business process is like treating a tactical military strike force as a business. While maintaining the capability of military forces could be a process open for improvement by applying some business discipline, actually fighting battles and overcoming opposing forces does not have much of the "business process" about it. Security is much more akin to fighting a battle than it is to "aligning business objectives".

Hopefully someone at this conference will address security as a cost, like insurance or legal teams.

5 comments:

Anonymous said...

Mr. Sam Dekay and I published a paper on security enablement in late August.

http://www.securityfocus.com/archive/1/444735/30/0/threaded

http://www.ftusecurity.com/pub/VT-belva-dekay-final.pdf

Sincerely,
Kenneth F. Belva, CISSP

Unknown said...

I also think security is not a business enabler. And it is that same reason why coding is not necessarily secure by default. Security is a cost (unless your industry is in providing security, I guess). Think of the security guard for the building. Does his presence generate any revenue? Not for your typical business.

It is a tough distinction to make. Security can (will) prevent loss of business, but it, in and of itself, does not raise revenues. Marketing will always say otherwise, that someone chose the company because they meet a security standard they require, but really, security just prevented their lack of choosing you (i.e. going elsewhere).

Back to my coding example, it costs money in time and energy to code security into most apps. When push comes to shove, every IT person grudgingly knows that functionality will beat out security. Lack of security at deadline time won't necessarily trump just getting the product out. Security is a cost there, too, not an enabler. Lack of it may reduce revenues, but having it won't increase revenues, by itself.

Brian said...

Where is that half full glass that I have around here? I wonder how much of this position is a reaction to the marketing machines gathered at these conferences and how much is "real"?

I'm on the fence. I think that many, many people still don't trust the Internet. They don't do any form of electronic banking or commerce. They don't want their personal information on the network.

The problem with that is that we can help a lot of people using networks and the Internet. And many folks are missing out because we can't reach them. We can help them do much more than manage their finances through the wider dissemination tools such as specialized portals and medical telematics.

Can we have security and functionality and still generate revenue? Sure. But it won't be easy.

Anonymous said...

Since surveys have shown a high incidence of people now reluctant to use the internet for e-commerce and even e-banking now, could it not be said that proof of secure transactions and public confidence, could lead to increased e-commerce activity?

In this case, security would be a business enabler, and the lack of it currently, and the resulting lack of public confidence, is a barrier.

Richard Bejtlich said...

Hi Rob,

You are describing the Road House effect.