The insanity of security – a series of queries!

Matt Tett

Matt Tett is the Managing Director of Enex TestLab, an independent testing laboratory with over 22 years' history and a heritage stemming from RMIT University. Matt holds the following security certifications in good standing: CISSP, CISM, CSEPS and CISA. He is a long-standing committee member of the Australian Information Security Association (AISA), Melbourne branch, and is also a member of the Information Systems Audit and Control Association (ISACA). Enex TestLab can be found at http://www.testlab.com.au, its blog at http://enextestlab.blogspot.com, and on Twitter as @enextestlab.

Whether you attribute this quote to Rita Mae Brown or Albert Einstein, it’s out there and it sums up a lot of security practices: “Insanity: doing the same thing over and over again and expecting different results.”

1. Why are the same threat mitigation strategies implemented time and time again with similar (and often highly public) failures?

2. Is this a factor of the cyclical nature of organisations, governance, risk and compliance processes?

3. Is this a factor of vendor fear, uncertainty and doubt built around their product marketing, development and release cycle? “There’s an upgrade/update for that just around the corner … bear with us.”

4. Is this a factor of lazy security practitioners following the flock of sheep and not risking running with the pack of wolves?

5. How does law enforcement keep up with, or stay ahead of, criminals in the real world? Why can’t we/they do the same in the digital world? Are physical crimes a priority over electronic crimes (or are we stuck in tradition)?

6. What is greater: a) “selling” security to the business, or b) fear of having to mitigate a potential security breach in the media?

7. Share with us some positive experiences where the above is the exception, not the norm.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
