Schneier: The Not-Too-Gloomy Conclusion
|
The final installment of my conversation about security with Bruce Schneier (read the whole thing here). Know It All: This is kind of depressing for a CIO -- my technology won't keep up, I need to be sued, my people can't be changed...what's the good news? What affirmative steps can I take to create a secure and profitable company? Bruce Schneier: The good news is that society works. None of the problems I've talked about are new, they've been problems for thousands of years. Most people are honest and honorable, most of the time. If that weren't true, civilization would collapse. So most bad news is around the edges. Companies aren't going out of business every day. The lesson is, maybe you're worrying too much. Yes, it's your job to worry, but go outside and have some social perspective. Lots of things are life and death, and there are bad actors, but even with respect to terrorism a little healthy skepticism is a good thing. There are people who are scared all the time, they've been defeated.Know It All:Some people out there want people to be scared. Schneier: Fear is very common way to sell security. People buy things for reasons of fear or greed - either you want the thing, or you want to avoid something else. Security is inherently a fear sell. Nobody wants to buy security, they want to avoid what would happen if they didn't. It's perfectly understandable that companies push the fear button.Know It All: Which is not to say that real problems don't exist. Schneier: Of courseKnow It All: It's the balance between perception and reality that's hard. Schneier. Right. |
