The Sky Is Not Falling–What Can We Learn?

sky-falling.jpg
I’d like to respond to two questions posted to my “Security Breaches Are Good For You” post. Antonomasia writes “there are security events other than customer data disclosure – any thoughts on how those can be subjected to evidence-based assessment?” Blivious writes: “What about other kinds of breaches? The apparent moral standard only applies to personal information.”

A goal in giving the talk was to draw attention to the trend, which is that we’re talking about some breaches, and the sky is not falling. Who’dda thunk?

My hope is that over the next decade, we will mature in how we discuss breaches. 1386 will be looked back apon as a watershed event that got us talking. If that happens, then we’ll start to see other events being discussed. (This happens in the airline industry, and again, the sky is not falling.)

So yes, today, the moral standard and the law apply to personal information, but I believe that they can help transform the way we perceive and discuss other kinds of issues.

Photo: “Falling from the heavens,” from Stock.xchng.

2 thoughts on “The Sky Is Not Falling–What Can We Learn?

  1. In the security community, perhaps. I don’t see corporate counsel volunteering to talk about anything else, though. I’ve always been amazed at what security professionals will not share with each other. We should have been willing to discuss these things amongst ourselves all along — knowing that it is the only way to learn.
    Even with the security community (perhaps) coming around, I don’t see anything changing in the broader discourse. Companies do not want to share this kind of information and I believe they never will do so voluntarily.

  2. I agree–corporate counsel won’t volunteer to talk about other things, but as we have normalized talking about privacy breaches, the arguments they can marshall will start to disappear, and companies will start talking about security issues like they talk about other things.
    Honda and Toyota talk about their competitive manufacturing advantage. GE talks about 6 Sigma and being in the top 3 in a market. We’ll talk about breaches.

Comments are closed.