In March 2008, Alan Shimel, who blogs at http://www.stillsecureafteralltheseyears.com/, wrote a fascinating entry with the provocative title: “Sitting on Your Hands is Not an Option-FUD, Compliance, What will it Take to Sell Security?” Unfortunately, the text is no longer accessible. However, in the space of a few sentences, Shimel offered an intriguing history of the drivers for the existence of information security.
In the beginning (which ended, according to Shimel, in the late 1990s) was FUD. You are doubtless aware that FUD is the somewhat obnoxious-sounding acronym for Fear, Uncertainty, and Doubt. These dark emotions, according to Shimel (and many others in the profession), used to represent the major reasons why senior management would even consider investing financial assets in the notorious cost center that is information security. According to this logic, it is better to fund security software and staff than endure the horrific consequences of a data leak or system outage. Information security serves as insurance against the unthinkable possibilities conjured by FUD.