Scaling the Security Chasm - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Scaling the Security Chasm

User Rating:

How can I rate this item?

Source: ServerWatch - Posted by Alex

Many people wear seatbelts because they could get fined if they don't, rather than because wearing them might save their life, security consultant Dr. Anton Chuvakin observed during his keynote speech at the Hack In The Box security convention in Amsterdam in early July. It's an interesting observation, and one that has interesting implications for server security. Chuvakin points out that before governments made seatbelts compulsory, seatbelt use was low even though most people understood the benefits of wearing them. It was only when seatbelt laws were passed that usage went up significantly.

There's a parallel here with the server security measures that many organizations take to protect customer data, he said. Most companies understand poor server security potentially is harmful to their business, but it's often the threat of breaching compliance regulations rather than potential harm to their business that prompts them to take any sort of action. "To me that's weird and illogical on many levels," said Chuvakin. "Why would we secure our networks because some regulation tells us to do it and not because some hacker might break in and steal things?"

Read this full article at ServerWatch