Lawrence Pingree, from McAffee, was kind to comment my post about his post on McAffee's blog on "security not being a cost". Well, I must say that what he expressed on that comment didn't change my mind at all. As he said, security can be an enabler. I understand this statement as saying that it allows us to do something under an acceptable risk level. We could still do the same things without security and get the same savings (like using Internet connections instead of dedicated circuits). The difference is that most people won't do that without mitigating the risks. However, in order to do that, there is a cost. That's security. You can keep a single person submitting a transaction, that will certainly be the lowest possible cost. But, in order to reduce the risk from that person abusing the system, you add an approver. That's a cost. The action is still the same (the transaction), but now it happens under a reduced risk and with a higher cost.
Still on "security as a cost"
Still on "security as a cost"
Still on "security as a cost"
Lawrence Pingree, from McAffee, was kind to comment my post about his post on McAffee's blog on "security not being a cost". Well, I must say that what he expressed on that comment didn't change my mind at all. As he said, security can be an enabler. I understand this statement as saying that it allows us to do something under an acceptable risk level. We could still do the same things without security and get the same savings (like using Internet connections instead of dedicated circuits). The difference is that most people won't do that without mitigating the risks. However, in order to do that, there is a cost. That's security. You can keep a single person submitting a transaction, that will certainly be the lowest possible cost. But, in order to reduce the risk from that person abusing the system, you add an approver. That's a cost. The action is still the same (the transaction), but now it happens under a reduced risk and with a higher cost.