One of the more compelling, yet less obvious, reasons for taking security seriously is to prevent it being forced down our throats, complete with flawed requirements. GLBA, HIPAA and Sarbanes-Oxley are examples of what happens when our lawmakers feel there is a problem and they try to legislate an answer. Don't get me wrong, these laws were designed to address real problems- but their execution is far from perfect.
Let's pick on Enron for an example: If there had been some accountability in the boardroom and at the accounting firm, maybe Enron would not have become, well, Enron. And, maybe Arthur Anderson would still exist, and maybe corporations throughout the US would not have to spend buckets of cash complying with this law. But, Enron was Enron, and Anderson did what they did (and didn't do), and SarbOx is the law- for better AND worse.
If we don't accept our responsibility to secure our systems we could end up with more legislation mandating how we run our businesses. Well-intentioned, but poorly crafted, regulations or personal responsibility- that should be an easy choice.
Jack
skip to main |
skip to sidebar
Just another security blog.
About Me
- Jack Daniel
- Storyteller, Information Security Curmudgeon, Security BSides Co-Founder, Community Advocate at Tenable Network Security, Co-host at Security Voices podcast.
Contact- jdaniel/at/voodooelectronics/dot/com
Blog Archive
-
▼
2007
(57)
-
▼
August
(10)
- Your password is too short.
- "Real" security people just don't get it.
- Partners and Security, Part 3B
- Yet another reason to take security seriously
- Security Excuse Bingo
- SCO loses, Novell (and almost everyone else) wins!
- Captain Privacy Strikes Again!
- Verisign laptop theft
- Exploring the IT Community
- Educational Commuting (Podcasts)
-
▼
August
(10)