In the financial services biz, there's a nice way to get out of this
bind: engage the risk analysis team. They hold the reins, nobody is
allowed to ignore them, and their job is analyzing risk tradeoffs.

Get them involved, teach them enough so they can make informed
judgements about computer security risk/cost tradeoffs, and things
get better. Not instantly, of course, but the direction of
change switches :-).

In other business segments, I think the root problem --- not just
for computer security, but for any number of other corporate ills
--- is a failure to realistically account for risk in management
accounting.

The banking and investment folks have a leg up here since their
product is buying and selling risk.

-Bennett

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards