About the Author: Simon Biles is a founder of Thinking Security Ltd., an Information Security and Risk Management consultancy firm based near Oxford in the UK.
Given that two people may interpret any given word in vastly different ways depending on their backgrounds, how do we ensure there is a consensus of understanding? We operate in a field that has very definite concepts – true or false, on or off, zero or one – binary choices. There are few shades of uncertainty (all smart comments about quantum computing to /dev/null please) – it’s there or it isn’t, and unless we are called upon to give our opinions as experts, we are bound, at least ethically if not legally, to make statements of fact. I personally find it an immense problem, though, that so often there are no really clear definitions of terms – or at least not clear definitions that you can easily present to a customer (or worse, a jury).
To add further problems, for me at least, I subscribe to a code of ethics that prohibits the use of “FUD” in dealing with customers (see http://www.csoonline.com/article/217983/The_FUD_Factor). “Fear, Uncertainty and Doubt” have to be the biggest drivers in Information Security sales, as a quick survey of some major security vendors’ marketing shows:
“… cyber cold war, with critical infrastructures under constant cyberattack causing widespread damage” – McAfee (fear of attack)
“Do you know where your data ends up?” – Checkpoint (uncertainty)
“Today's attackers evade traditional security solutions, leaving your business vulnerable to data theft.” – Symantec (doubt in your “traditional” solution)
Having put up these examples, I had a moment of paranoia and had to check my own website just to be sure – it really is a very easy thing to do – “pas de touché”, fortunately!
So where does this leave us?
Read more of “Security metrics - proving you've made a difference” at http://www.forensicfocus.com/simon-biles