[funsec] High Concept Comedy: Security is Economic!

Bruce Ediger eballen1 at qwest.net
Wed Sep 5 11:36:55 CDT 2007


On Wed, 5 Sep 2007, Valdis.Kletnieks at vt.edu wrote:

> The benefit of lowering it from N to N*0.95 needs to outweigh the costs of
> the care and feeding of said beast.

Wait, you mean that "security" is an economic good, with costs (direct
and opportunity) and benefits that must be balanced!?!

What a concept!  Unfortunately, a concept TOO COMPLEX for the average
manager (much less CX0-leveler) to understand.

Why, just last Wednesday, I was informed that Sarb-Ox demands that all
source code files sport an elaborate, COBOL-style "flowerbox" full of
irrelevant, and possibly uninformative details about work sets and
dates and modifer-IDs.  Now, there's some make-work I can get behind,
since Sarb-Ox *doesn't* demand that developers put in any comments on file
check-in to the version control system, nor do we have to tie a check-in
to a change request or other requirement.  Nevertheless, THE FLOWERBOX
IS REQUIRED, costs be damned.

That's what a manager can understand, the 3 Great Traditions of Sarbanes
Oxley: Rum, Requirements and The Lash.

PS
Will sarcastic and/or sardonic humor make it "fun" enough, or is the low
information content and context-dependency of said sarcasm or sardony
not enough to clear the High Hurdle of "fun"sec?


More information about the funsec mailing list