Discussion about this post

User's avatar
Interisle Consulting Group's avatar

Thanks for your post, https://www.threatswithoutborders.com/p/threats-without-borders-issue-294/

FWIW, the comparison between disease and identity theft works well enough. There's a danger in only fixing the blame on technical (operational) failure. One could argue that operational failure is itself a symptom of a different disease: lack of accountability. Most orgs only spend on secure operations what is necessary to satisfy a nominal risk tolerance (which includes liability, which is itself typically a low risk proposition). "We meet the industry recommended practice" may be a defensible argument but if you can fall back on this, what's the incentive or motivation to do better?

1 more comment...

No posts

Ready for more?