Personal tools
You are here: Home wikidblog IT propoganda? I don't think so...
« August 2008 »
Mo Tu We Th Fr Sa Su
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Recent comments
Re:Security and Oil admin Apr 25, 2008
Re:Security and Oil Paul feet Apr 24, 2008
Re:100% open source admin Apr 22, 2008
Re:100% open source Adam Apr 22, 2008
Re:Capital Gains Tax Rates and Entrepreneurs Lance Oct 23, 2007
 
2005/02/03

IT propoganda? I don't think so...

The anonymous CEO blogger has accused me of IT propoganda. Don't worry my feelings aren't hurt ;). Of course, it is in my interest as the CEO of a security firm that more CEOs recognize the value that investing in security brings. However, I would point out a few things that IMO, keep this post from being pure 'propoganda'.

First, the study was done by the University of Maryland School of Business, not the CS deparment. As such, I don't think it is biased.

Second, the poster says they " can't recall reading any company news releases about IT security breaches". Well, that is just plain ignorant. Please be advised of SB1386 - you may have to announce a breach if you have one.

Third, the poster states "IT is not a profit center, it's a cost center". That is one way to look at it - a narrow way. You could also call the locks on the doors a cost, but a better way to look at it as a risk management expense that reduces your cost of capital. If you're a bank and you're constantly getting robbed, your cost of capital will go up. You will have to pay the highest rates on your CDs to get any deposits. The same is true of IT security.

Finally, while the anonymous blogger can't remember any announcements of security breaches (I guess they missed my post about T-Mobile's hack), he does recall "companies writing off tens of millions of dollars after an "investment" in new enterprise software failed and was abandoned". In my experience, every company makes mistakes. However, the companies that have good security have good IT in genaral and are just well run companies! Security is almost a by-product. Just one of the many things 'done right'.

I have also seen many examples of companies that overspent on security technology and had security violations. These are just poorly run companies.

The CEO Blogger thinks that the stock market is reacting to bad news and it is. The bad news isn't that an incident occurred, the bad news is that it is a poorly run company. The study is pointing out that the stock market is distinguishing between an incident that couldn't be prevented and just sloppy security.

Category(s)
Security and Economics
The URL to Trackback this entry is:
http://www.wikidsystems.com/WiKIDBlog/5/tbping
Add comment

You can add a comment by filling out the form below. Plain text formatting. Comments and Trackbacks are moderated.

(Required)
(Required)
(Required)
(Required)
This helps us prevent automated spamming.

Start using WiKID today
Got Questions? Get Answers.