Does information security enable fraud?
Information security is supposed to be about protecting the consumer from companies mishandling their information. Today, security court cases appear to be just about protecting the company, and IF the consumer receives some benefit, great. Sure, there are requirements that must be met to appease the auditors and to “check the box”, but once you pull back the veneer there are often huge gaps, or security is completely absent. Just as companies can legally utilize “creative” accounting methods to offset negative information, I hear daily about how these same “creative” methods are used to get a check in the box for security. Many times, standing up for the consumer can force CISOs and CSOs to make a hard decision between receiving a paycheck and disputing a “business decision”. Many security professionals accept the business decision and try to forget their exposure to the bully on the playground. I sense a growing confusion in the industry about what makes security successful. On one hand, th