Security, finance, and risk management

From the Digital Identity weblog, a trenchant observation about security. Spinning off David Coursey's provocative Why I trust Microsoft more than my bank, the DI guys correctly point out:

The security industry has been entrenched with the idea that trust is manageable by digital security. This, the tech industry clearly has failed at delivering. It is easier to see the role of the financial services companies in identity management. They don't excel in security but in risk management, which, ultimately, will become the name of the game.
Scary but probably true.

For their part, security pros need to get much clearer with themselves and with their customers about the idea of managing a continuum of risk. Bruce Schneier's philosophical transformation, chronicled in Secrets and Lies, continues to shine a bright beacon of rationality on a troubled landscape.


Former URL: http://weblog.infoworld.com/udell/2002/05/03.html#a214