begin quoting James G. Sack (jim) as of Sun, Jun 15, 2008 at 02:33:26AM -0700:
> Schneier points out why security is a tough sell in an interesting
> article that describes the psychology (and a rational explanation,
> even!) behind the reluctance to pay for security.
>
> http://www.schneier.com/crypto-gram-0806.html#9
>
> The bottom line advice:
> """
> ..solution is not to sell security directly, but to include it as part
> of a more general product or service. Your car comes with safety and
> security features built in; they're not sold separately. Same with your
> house. And it should be the same with computers and networks. Vendors
> need to build security into the products and services that customers
> actually want. CIOs should include security as an integral part of
> everything they budget for. Security shouldn't be a separate policy for
> employees to follow but part of overall IT policy.
> """

Bolt-on security is often held in contempt; we tell folks "build in
security to your system" -- or at least put the hooks in, if you might
one day want it to be secure -- and selling security to the end user is
no better.

However, selling security to VENDORS... there's a market. Hopefully.

-- 
If users can externalize the cost of security breaches, they won't be secure.
Stewart Stremler

-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
