Security Economics
by Ionut Ionescu - Director of Security Services, Nortel (EMEA) - Wednesday, 29 August 2007.
The main idea we need to tell our clients is that security can be a business enabler and not just an “IT cost,” Let’s stop viewing information security through the prism of fear and start to quantify it and, more generally, technology risks and threats in economic terms. At the end of the day, buying decisions are made by business people and not necessarily by technologists, so security investment decisions must make business sense in order to be adopted.

We need to articulate the economics angle whenever we buy or sell security. This should enable us to make rational (economics-based, rather than fear-based) decisions when it comes to security. Let’s not allow fear or the latest technological fad to cloud our judgment. We can and should place economic value on security measures, be they technology, people or processes. If we adopt an economic approach, we can demystify Information Security and make it a friend of the organization. This should benefit both the ‘buy’ and the ‘sell’ side of the market.

Next time you turn on your system at work and it asks you to change your password, you know you’re facing an economic decision. It is always cheaper to comply than to clean up after a security incident. The economic benefit of complying with the security policy will accrue to both you and your organization. Then, you can concentrate on doing what you do best, knowing you’ve done “your bit” to keep your information safe. You know it makes (economic) sense.


Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Jul 29th