Hulleye Comes By!

security. we all need it. some kids need their blankets or soft toys, some hollywood stars need their bodyguards, some presidents need their secret service, some networking administrators need their lockdowns and policies. as always though, increasing security is always a trade off with something else, be it anonymity, or convenience or whatever the situation may be. the world has changed after 9-11 rather significantly.

this is a very intriguing essay on security and tradeoffs by an anonymous cso.

On any given day, we CSOs come to work facing a multitude of security risks. They range from a sophisticated hacker breaching the network to a common thug picking a lock on the loading dock and making off with company property. Each of these scenarios has a probability of occurring and a payout (in this case, a cost to the company) should it actually occur. To guard against these risks, we have a finite budget of resources in the way of time, personnel, money and equipment—poker chips, if you will.

If we’re good gamblers, we put those chips where there is the highest probability of winning a high payout. In other words, we guard against risks that are most likely to occur and that, if they do occur, will cost the company the most money. We could always be better, but as CSOs, I think we’re getting pretty good at this process. So lately I’ve been wondering—as I watch spending on national security continue to skyrocket, with diminishing marginal returns—why we as a nation can’t apply this same logic to national security spending. If we did this, the war on terrorism would look a lot different. In fact, it might even be over.

the whole article is definitely worth reading.