This whole thing started with MJR podcast #2 called "Codependence", continued by the squeals here :-) and then culminated by a thoughtful post here followed by just-as-thoughtful comments.
One of them says: "Security may never be a clear vision to mgmt beyond compliance, negligence, and regulations [AC: kinda compliance as well ...]" and further "if there is no benefit to the company other than as an insurance role, there is really not much hope beyond a CYA approach."
Well, so? :-) That is actually a lot! If security is made mandatory, all this ROI hoopla will subside. FUD will be gone. Other good things will happen (and some bad), but I would really not consider that scenario to be that bad at all ...
No comments:
Post a Comment