[ISN] What the security industry can learn from Wall Street

From: InfoSec News <alerts_at_private>
Date: Thu, 25 Sep 2008 00:27:06 -0500 (CDT)
http://www.techworld.com/security/features/index.cfm?featureID=104738

By John E. Dunn
Techworld
September 23, 2008

If you have nothing to fear but fear itself, rationally speaking what is 
left to worry about?

On the face of it, the workings of financial markets are a world away 
from the security industry, and yet there are instructive parallels if 
you stare a little harder.

Computer security is about minimising risk for an organisation or 
individual, without making a network or device so hard to use or 
expensive to run that it is not worth having. Market security - 
conducted through regulation and the full disclosure of information - is 
about allowing the market to operate in a way that doesn't mislead 
investors as to the nature of the risks they are taking so as to distort 
price.

The problem for both is relating information to real risk without 
creating either undue hysteria or complacency. Both struggle with this 
problem.

Investors are often misled in small ways, and occasionally in larger 
ways, leading to price distortions. Credit has been cheap in the US 
because the real risks of complex investments were not being made plain, 
at least not to everyone. The price was low because risk was seen as 
being low. The answer? More information, better transparency, more 
accountability, and a better relationship between these variables.

[...]


Received on Wed Sep 24 2008 - 22:27:06 PDT