More prescriptive regulation of the security posture in industry sectors like banking could have the paradoxical impact of reducing security, according to Andrew Dell, head of IT security services at the National Australia Bank. “We have to become much more agile and proactive – how we look at, how we react to cybercrime. Our …
For once, some sense
Decent anaylisis. Big organisations are run on rulez. We have rulez, therefore there is no problem. A symptom of the reductionist fallacy at work, pun intended. The example of kit but no staff is so common when bean counters apply their limited world view to managing the largely unmanageable. In short the root cause is not technology, but managers not employing a full risk assessment, which includes all resources including enough expensive troublesome things called trained, skilled staff. Then governments might be sanely pursuaded that more rulez are not required. An example of a proactive approach was Lockheed 2 or so years ago. Known incoming, so honeypot was set up and waiting.
Some sense, yes...
In that a one-size fits all, tick-box compliance exercise does not mean that the risks have been managed or even identified. But some (most?) organisations possess neither the capability nor the will to fund a fully reactive, risk-based information security function. So until such time as the new EU breach/attack-sharing bears fruit and senior management actually see what is happening, it's policies, standards and checklists all round.
- Breaking news: Google exec veep in terrifying SKY PLUNGE DRAMA
- Geek's Guide to Britain Kingston's aviation empire: From industry firsts to Airfix heroes
- Analysis Happy 2nd birthday, Windows 8 and Surface: Anatomy of a disaster
- Google CEO Larry Page gives Sundar Pichai keys to the kingdom
- Something for the Weekend, Sir? SKYPE has the HOTS for my NAKED WIFE