You can't secure what you don't acknowledge.SM

Wednesday, August 26, 2009

There are no "accidents"

The word 'accident' is one of those pet peeves of mine. We see and hear about car crashes, parking deck collapses, spilled milk on the kitchen floor, whatever...they're all "accidents" people say. Well I'm calling b.s. on the "accident" excuse. If you look at every single "accident" scenario there is always a set of choices and behaviors leading up to it. Guaranteed.

So, when I saw this IDC/RSA report that claims 52% of insider incidents are "accidental" you can imagine what came into my mind. Yeah, they're "accidental" because somebody somewhere along the line didn't do what they're supposed to do. Be it management not supporting the purchase of the right security technologies or mandating periodic security assessments - be it network managers being careless or too overwhelmed and overlooking something critical - or be it users acting carelessly (I mean, who doesn't understand privacy and security these days?)....there are always choices and behaviors that lead up to these "accidents".

Not taking responsibility for their actions is just another form of people sticking their heads in the sand. Plain and simple.

No comments:

Post a Comment