The 7 dirty secrets of the security industry

This article by Network World's Joshua Corman is a must-read for anyone who (still) believes that product X, service Y, or compliance certificate Z can bring you information security.

Notable quotes:
Compliance in and of itself does not equal security...

Compliance is supposed to raise the minimum standard of security, but it just gets us to do what we are required to do and nothing else.

Technology without strategy is chaos.

Src: The 7 dirty secrets of the security industry - Network World [Tx to @gattaca]

AmandaSafeNet said...

Compliance doesn't equal security. The newest technology/threats are constantly advancing. It is impossible for compliance to keep up, as regulations and referendums will always take longer to enact. Compliance is the minimum standard to push companies to increase security. It is the responsibility of the businesses to ensure that the technology that is being utilized equals security.