via By J.F. Rice, Computerworld...
Cadillac or Kia?
How much security is enough, and how much is too much?
...I was criticized for proposing "Cadillac" solutions to security challenges -- "Cadillac" being code for "too expensive." ...Our CIO told me that I should start thinking about partial solutions instead of more comprehensive approaches to improving our security. "Instead of trying to solve the whole problem, which is too much for us to handle, just solve a part of it," he told me.
...I've had a lot of time to think about excellence and how it applies to security. Unlike other IT specializations, where partial solutions can be effective, security has a lot more of an all-or-nothing aspect. There are some things we just have to do, or else we risk heavy consequences, up to and including complete failure of the company itself. Security is important to the continuing operation of the company.
If we try to save a few bucks by cutting our security budget, we might end up with a breach that could have been prevented, leading to loss of customer confidence, bad publicity, lack of compliance with legal regulations, theft of our confidential data by a competitor or worse.
...a successful security program requires excellence. Otherwise, the gaps and holes we don't close will be the ones that ultimately cause our downfall. ...
Cheaping out on security can cost a lot more than it saves. ...we really do need the Cadillac. (more)
Mr. Rice is a brave man to stand by his principles under economic pressure. The fact that 'right' is on his side helps, of course. Having been called a Cadillac by a budget-bleeding client once, I feel his pain. I have also seen "complete failure of the company itself" for lack of a Cadillac-level business espionage countermeasures security program.
BTW, I own a Cadillac (five of them, over the past 15 years). Why? Basically, for its rock solid dependability. I have never lost a dime due to a breakdown keeping me from an appointment. Cadillacs are cost-effective assurance against failure. A long time ago, I had an Olds Cutlass (gurrr). Don't get me started. I learned my lesson.
Johnson "We still seek no wider war"
Nixon SEE ABOVE
Carter "I would not use military force to free the hostages"
Reagan "We did not -- repeat did not -- trade weapons or anything else for hostages nor will we."
GHW Bush "Congress will push me to raise taxes...and I'll say read my lips, no new taxes!"
Clinton "I did not have sexual relations with that woman Miss Lewinsky"
GW Bush "We have found Weapons of Mass Destruction in Iraq"