I saw this fly past on the Security Focus security-basics mailing list from an anonymous poster. I simply wanted to capture the moment here and let it sink it.
I work for one of the biggest universities in the US and they barely care about security, so I think you may be in for an up hill battle. I’ve been trying for years without any luck, the same story comes back from managment over and over, “we never had any security problems so why should we invest money to prevent them” and thats a direct quote from more than one person in managment.
good. that just means they’ll go to jail and the organization will be fined $1M when there is a data breach.
if security in the IT world remains dumb forever, it will certainly pay off the national debt and hopefully provide new consumer services and protections.
not that there will be any consumers left after privacy is gone and identity fraud becomes ubiquitous. just add cameraphone and magstripe writer.