Next Threat; Data Manipulation

mbpark · 09-21-2015, 09:53 PM

TW/Bruce,

If you don't budget for actually designing and maintaining a system properly, failures happen.

The problem isn't management. It's management being ignorant of these issues and thinking they can cut corners to increase margins.

The most dangerous thing to good security in private industry has been quarterly results and the dangerous desire to cut all costs not directly related to costs of goods sold.

The most dangerous thing to good security in the public sector has been that expenditures over a certain amount have to go to Congress, where many of the organizations' budgets get cut to the bone due to politics and the ignorance of Congress to issues not packaged with lobbyists or not giving money to their districts.

Security will not change unless there is incentive to do so. Unless there is a guaranteed focus from multiple agencies on implementing business processes the right way, there will be multiple levels of fail.

I spend my days working through these issues. I also present on them semi-regularly. I speak with executives and directors from my employer's vendors on a daily basis. They are starting to get it, only because they know it's their wallets if they don't. That's their incentive.

09-21-2015, 09:53 PM	#3
mbpark Lecturer Join Date: Jan 2001 Location: Carmel, Indiana Posts: 761	It comes down to operational management TW/Bruce, If you don't budget for actually designing and maintaining a system properly, failures happen. The problem isn't management. It's management being ignorant of these issues and thinking they can cut corners to increase margins. The most dangerous thing to good security in private industry has been quarterly results and the dangerous desire to cut all costs not directly related to costs of goods sold. The most dangerous thing to good security in the public sector has been that expenditures over a certain amount have to go to Congress, where many of the organizations' budgets get cut to the bone due to politics and the ignorance of Congress to issues not packaged with lobbyists or not giving money to their districts. Security will not change unless there is incentive to do so. Unless there is a guaranteed focus from multiple agencies on implementing business processes the right way, there will be multiple levels of fail. I spend my days working through these issues. I also present on them semi-regularly. I speak with executives and directors from my employer's vendors on a daily basis. They are starting to get it, only because they know it's their wallets if they don't. That's their incentive.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)