Loading ...
Richard Bejtlich of TaoSecurity tries to defeat Virtual Trust only to come up short. Here is his blog post and my two replies.
I had already answered his core objections — that security is purely a loss prevention model and that “security does not make money” — on full-disclosure.
He also objects through a little dialogue he scripted when he writes:
Boss: “What is the initiative?”
SecGuy: “Hmm, I don’t know. But whatever it is I will secure it and enable business through virtual trust!”
The Virtual Trust reply: Isn’t this more a lack of business knowledge on the part of the security professional than a weakness of the theory of Virtual Trust and enablement?
The funny part is that he agrees with me more than he realizes when he writes: “Security may be a necessary condition for sales and a thousand other activities…” Isn’t a necessary condition essential for enablement?
