Comments on: Dr. Gordon: Information Security can have a positive return http://www.bloginfosec.com/2007/08/20/dr-gordon-information-security-can-have-a-positive-return/ An Information Security Magazine in a Blog Format Mon, 30 Jan 2012 11:01:25 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Kenneth F. Belva http://www.bloginfosec.com/2007/08/20/dr-gordon-information-security-can-have-a-positive-return/comment-page-1/#comment-113 Kenneth F. Belva Mon, 27 Aug 2007 23:03:30 +0000 http://www.bloginfosec.com/2007/08/20/dr-gordon-information-security-can-have-a-positive-return/#comment-113 @Adam I have replied to your post <a href="http://www.bloginfosec.com/2007/08/27/a-clarification-for-shostack/" rel="nofollow">here</a>. @Iang I think that part of the Gordon-Loeb model is loosely aligned to your comment to "not put in security until the enemy tells you where and when" I also think, Iang, that my reply to Adam will address some of the issues you raise @Adam

I have replied to your post here.

@Iang
I think that part of the Gordon-Loeb model is loosely aligned to your comment to “not put in security until the enemy tells you where and when”

I also think, Iang, that my reply to Adam will address some of the issues you raise

]]> By: Iang (GP) http://www.bloginfosec.com/2007/08/20/dr-gordon-information-security-can-have-a-positive-return/comment-page-1/#comment-112 Iang (GP) Mon, 27 Aug 2007 22:41:54 +0000 http://www.bloginfosec.com/2007/08/20/dr-gordon-information-security-can-have-a-positive-return/#comment-112 Hold on, this sounds like taking marketing / MBA speak and turning it into proof of necessity. Of course security MAY translate to better revenues ... but does it? I say no, in general. History is replete with examples of winners who ignored security, and losers who concentrated on security. I postulate on why this is in a series of rants called GP, and the conclusion is ... unfortunately ... do not put in security until the enemy tells you where and when. Especially, trying to sell "trust" is aligned strongly with deception, confusion, and ultimately large losses. The days are long gone when you can simply sell security on a compelling story; now, you will have to show it. Hold on, this sounds like taking marketing / MBA speak and turning it into proof of necessity.

Of course security MAY translate to better revenues … but does it? I say no, in general. History is replete with examples of winners who ignored security, and losers who concentrated on security.

I postulate on why this is in a series of rants called GP, and the conclusion is … unfortunately … do not put in security until the enemy tells you where and when.

Especially, trying to sell “trust” is aligned strongly with deception, confusion, and ultimately large losses. The days are long gone when you can simply sell security on a compelling story; now, you will have to show it.

]]> By: Adam http://www.bloginfosec.com/2007/08/20/dr-gordon-information-security-can-have-a-positive-return/comment-page-1/#comment-111 Adam Mon, 27 Aug 2007 16:18:45 +0000 http://www.bloginfosec.com/2007/08/20/dr-gordon-information-security-can-have-a-positive-return/#comment-111 My comments are in "<a href="http://www.emergentchaos.com/archives/2007/08/security_advantage_i_dont.html" rel="nofollow">Security Advantage? I don't buy it" which I just posted. My comments are in “Security Advantage? I don’t buy it” which I just posted.

]]>