[snip]
Do present day management types spend heaps of money on good will? My anecdotal experience says they do not - at least not in most cases. There are notable exceptions, such as Ben & Jerry's Ice Cream, for whom good will seems to be a driving force in their decision making, but for the most part corporate types are focused on short-term profits, not good will or trust.There is an alternative: Virtual Trust(2) as an information security model. According to the Virtual Trust model, security actually creates business and generates revenue.
In fact, I can think of several examples where the company's public-facing services (tech support, customer service, etc.) seem deliberately designed to irritate the customer to no end, yet they continue to do business quite nicely.
Whether you approach the "selling" of security from the risk avoidance angle or the virtual trust angle or even the fear of imprisonment angle, I think the bottom line is, security (in fact, all of IT) will always be viewed as a cost center, just as accounting and other support functions are. Unless you can demonstrate concrete revenue generationg directly attributable to security, I don't think you can overcome that perception (and loss avoidance through trust building does not generate revenue.)
Paul Schmehl (pauls@xxxxxxxxxxxx) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
p7s3JEda09OWz.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/