Sunday, June 12, 2011

Data Security will probably never work till....

data loss is the same as physical property loss.  Since that's never going to happen, data security in the IT field will probably be a fool's errand.

Let me explain. First, this post is a good rant on security issues and how management perceives them.

If someone steals your iPhone or laptop, that loss is completely tangible. You had it, then you lost it: something you paid lots of money to get. There is an incentive: an object that you know belonged to you got stolen, and that makes you want to safeguard it. Compare this to a database breach: the same data is still there, except that someone else, unauthorised, has a copy too. In fact, there is nothing like someone getting punched or having a gun pulled in his face; no blood, screams, or physical assault with the object forced from their hands. One random day, someone reports that there was unauthorised access and the data has probably been copied over.

That's all.

You expect people to swoon over data loss, some electronic stuff which to most people is fungible? 

I'm convinced that this is the primary reason why no one cares or will care. It's just not the same as physical property loss (of course, the impact of the data loss is large; not denying that). I think Nicholas Negroponte explained this well in his book 'Being Digital'. Something along the lines of "what's original and what's a copy in the digital realm when one bit is the same as the other bit?" and the values attached to them compared to physical originals and copies. How does one even know that a file has been copied a million times?

All the worst case scenarios and security checks will probably never impact management till some cracker figures out a way to steal the data centre, lock, stock and barrel. :-)

