3 comments:
How about:
c). The vulnerability component (controls vs. threat capabilities) of risk management.
:)
Anton:
This is a very nice question. It all boils down to what can be controlled and what can't be. Protecting information is something we can control. Fighting hackers is not a wise game to choose; they are all over, and it is something that you can't control.
Well, this whole question was posted since I am running into waaaay too many people who "in theory" agree that security should be about information protection or even information risk management or whatever, but spend 100%+ :-) of their daily lives fighting hackers (malware, etc) and ignoring everything else...
And that is in addition to all the people who simply (dumbly?) equate infosec with "[malicious] hacker-fighting"...