Response to Gary Hinson

First, you should know that I very much agree with and respect Gary Hinson’s approach to infosec. I have frequently quoted his definitive paper “Seven myths about information security metrics,” which first appeared in the July 2006 issue of The ISSA Journal, and which you can find on the website “Noticebored” at

I also very much agree with his recommendations, listed in his response to my column, of more investment in incident prevention and decent contingency planning with adequate resources. I also accept that both public and private sectors are fallible.

It seems to me that Gary might have somewhat misconstrued my statements as being unquestioning faith in massive government control. Far from it. I am a strong proponent of laissez-faire and capitalism. After all, I was schooled in economics at Glasgow University, the home of Adam Smith, the father of the “invisible hand.”

Nevertheless, there are times when government must intercede, like it or not, as when the private sector fails to protect the common good. And when neither government nor business accepts responsibility for the “commons,” government has to fill the gap. I personally think that government intervention, laws and regulations are a result of failure of the private sector to address specific problems adequately (see my article “Son of Y2K: Time to Go Back to the Bunker …” Information Security, Vol. 3, No. 11, November 2000). I believe that such extraordinary measures should be carefully considered and taken only in dire emergencies, such as the recent meltdown of the global financial systems, where government intervention was effective in stemming the downward spiral, despite a whole host of undesirable consequences. But, having been well taught the deficiencies of planned economies by the late Professor Alec Nove, a brilliant expert on the Soviet planned economy, I recognize the failings of centrally managed economies, and would never advocate such.
