Dark Reading has a piece on US Department of Homeland Security Secretary Janet Napolitano weighing in against the need for a Cabinet-level cybersecurity position. I agree big time – even though Secretary Napolitano’s position is surely based on protecting DHS’s charter.
Many have this vague hope that if government were to issue security regulations, or if security reported to the President, or if CSOs were on the board of directors, then security would dramatically increase. This hope is based on a delusion that security has the answers; it is just that no one listens. Basically: we have built it, but no one will come.
But when you look at most of the answers that come from those complaining that no one listens, they are basically “Look, it hurts when you do that – so don’t do that.” Essentially, if users would just obey the security 10 commandments and stop sinning, security problems would go away. It is as if the highway department said “We need a cabinet-level traffic safety czar to convince people to drive safely.”
The answer will never be hoping people’s behavior changes towards safety – the answers are all about building safety in. Which is exactly what the most successful security programs do, and it is no coincidence that those doing that the best are very rarely heard calling for more regulations, cabinet-level cybersecurity czars or waiting for users to stop falling for cyber-scams.
John Pescatore