Monday, November 27, 2006

So, You Think That Security Is ...

.. about
a) fighting nefarious hackers
OR
b) protecting information

Now, if you ask many of our colleagues about this, do you think you'd have more of "a)"-people or "b)"-people? Any bets on the percentages?

Just a random thought of the day...

3 comments:

Anonymous said...

How about:

c). The vulnerability component (controls vs. threat capabilities) of risk management.


:)

Anonymous said...

Anton:
This is a very nice question. It all boils down to what can be controlled and what can't be. Protecting information is something we can control. Fighting hackers is not a wise game to choose; they are all over, and it is something that you can't control.

Anton Chuvakin said...

Well, this whole question was posted since I am running into waaaay too many people who "in theory" agree that security should be about information protection or even information risk management or whatever, but spend 100%+ :-) of their daily lives fighting hackers (malware, etc.) and ignoring everything else...

And that is in addition to all the people who simply (dumbly?) equate infosec with "[malicious] hacker-fighting"...

Dr Anton Chuvakin