-
-
-
BlogInfoSec.com Sponsors
-
-
BlogInfoSec.com Partners
-
Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Qualified Writer?
Submit a Guest Article through the SUBMISSIONS link above!
Full-Time Inquiries Contact Us: authors@bloginfosec.com
Subscribe to Our Newsletter:
-
Authors
Categories
Translations
English • Afrikaans • العربية • Беларуская • Български • Català • Česky • Cymraeg • Dansk • Deutsch • Eesti • Ελληνικά • Español • فارسی • Français • Gaeilge • Galego • हिन्दी • Hrvatski • Bahasa Indonesia • Íslenska • Italiano • עברית • Latviešu • Lietuvių • 한국어 • Magyar • Македонски • മലയാളം • Malti • Nederlands • 日本語 • Norsk (Bokmål) • Polski • Português • Română • Русский • Slovenčina • Slovenščina • Shqip • Srpski • Suomi • Svenska • Kiswahili • ไทย • Tagalog • Türkçe • Українська • Tiếng Việt • ייִדיש. • 中文 / 漢語Recent Comments
- How to be a Software Engineer without Understanding Software | BlogInfoSec.com on The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 1)
- David M. Zendzian on How to Define “Connected Systems” to the PCI Cardholder Data Environment (CDE)
- greystoke on How to Define “Connected Systems” to the PCI Cardholder Data Environment (CDE)
- Brian Krebs on Normative Cyber Security
- Heather J. @ TLC Boo on Normative Cyber Security
- Advanced Persistent Threat agility application security APT assessment Audit authentication Availability awareness Awareness / Education awareness training Ben Edelman Ben Worthen BITS black swans botnets BP breach breaches breach incidents business continunity china ChoicePoint CISO CISO savvy CISO skills cloud computing CNCI COBIT Coding Securely / SDLC compliance Conferences / Events / Meetups Contingency Planning contingency plans cyberattack cyber attack cybersecurity cyber war Dan Geer Dan Schutzer data breach data breaches data breach notification laws data classification data leakage data loss prevention data mining data protection DHS disaster planning disaster recovery DLP Donn Parker economics of security Ed Amoroso education Encryption Enterpise Information Security and Privacy Enterprise Information Security and Privacy Exploit Code / Malware exploits facebook FBI featured FFIEC Firmware Forensics / Incidents FS-ISAC FST FSTC FUD FUD Theater Fukushima functional security testing Gary Hinson GLBA Google governance Gramm-Leach-Bliley Gramm-Leach-Bliley Act Gulf oil disaster hack hackers hacking Heartland Payment Systems HIPAA Human Elements identity management identity theft IDM incident incident reporting incidents Industry Commentary Information security information security governance information security incidents information security metrics information security outsourcing insider threat iPhone ISSA Japan Jennifer Bayuk Jobs in Information Security Joel Brenner keylogging law leadership Legal & Regulatory Issues Lockheed logging Lord Kelvin malicious insider malware metrics microsoft monitoring Monte Carlo Nassim Nicholas Taleb national security National Security Agency negative testing network News Commentary NIST NSA nuclear power plant meltdown objective one-time passwords outsourcing OWASP passwords Patching PCI Penetration Testing perimeter personal information Phishing Physical Security Policies and Procedures Privacy privacy regulations private sector probability probability calculus probability theory process pump-and-dump qualitative quantitative resiliency Richard Clarke risk Risk Analysis risk assessment risk management risk managment risk models ROI ROSI RSA sarbanes-oxley SCADA systems SDLC SEC secure development SecurID Security security awareness Security Breaches security economics Security Metrics self-awareness Siobhan Gorman Social Engineering software assurance Software Assurance Initiative software engineering software security assurance software testing Solutions / Workarounds subjective The Black Swan The Wall Street Journal Tools Toyota training two-factor authentication Uncategorized Virtual Trust Viruses / Worms vulnerability vulnerability assessment Vulnerability Commentary Vulnerability Disclosure Wall Street Journal web applications Y2K
© 2012 BlogInfoSec.com. All rights reserved.
|
Privacy
|
Terms of Service
Mike Rothman is stuck in an old paradigm
Here is one primary argument against information security as a business enabler, as posted by Mike Rothman: “You cannot do new things because of security. You do open up new revenue streams and add value to customers via new applications that reflect new (or updated) business processes.”
The first statement is not correct and the second statement actually supports the argument that security is a business enabler.
Let’s turn to the second statement first. It’s exactly the point of Virtual Trust. Security enables new applications to create business processes. In order for this argument to work as a counter-argument, Mike would need to explain how an ecommerce business like Amazon.com could work without authentication (UserID/Password) and without encryption (SSL). (Naturally this argument may be generalized for all ecommerce, not just a business with a pure ecommerce model.)
In regards to the idea that you cannot do new things because of security, I refer you to iTunes. DRM created trust relationships between parties thereby allowing a new product to be created. Before iTunes, P2P was the wild west of .mp3s. Now digital music is 1/3 of Apple’s business and there have been over 1 billion songs downloaded. DRM allowed that to happen. DRM allowed something new to come into the world via trust via security.
Popularity: 4%