More prescriptive regulation of the security posture in industry sectors like banking could have the paradoxical impact of reducing security, according to Andrew Dell, head of IT security services at the National Australia Bank. “We have to become much more agile and proactive – how we look at, how we react to cybercrime. Our …
For once, some sense
Decent anaylisis. Big organisations are run on rulez. We have rulez, therefore there is no problem. A symptom of the reductionist fallacy at work, pun intended. The example of kit but no staff is so common when bean counters apply their limited world view to managing the largely unmanageable. In short the root cause is not technology, but managers not employing a full risk assessment, which includes all resources including enough expensive troublesome things called trained, skilled staff. Then governments might be sanely pursuaded that more rulez are not required. An example of a proactive approach was Lockheed 2 or so years ago. Known incoming, so honeypot was set up and waiting.
Some sense, yes...
In that a one-size fits all, tick-box compliance exercise does not mean that the risks have been managed or even identified. But some (most?) organisations possess neither the capability nor the will to fund a fully reactive, risk-based information security function. So until such time as the new EU breach/attack-sharing bears fruit and senior management actually see what is happening, it's policies, standards and checklists all round.
- Analysis iPhone 6: The final straw for Android makers eaten alive by the data parasite?
- First Crack Man buys iPHONE 6 and DROPS IT to SMASH on PURPOSE
- TOR users become FBI's No.1 hacking target after legal power grab
- Vid Reg bloke zips through an iPHONE 6 queue from ZERO to 60 SECONDS
- Analysis Why Oracle CEO Larry Ellison had to go ... Except he hasn't