On Thu, Apr 15, 2010 at 13:37, Brian Clark <[email protected]> wrote:
> After a long week doing a SBS migration I didn't know how to take this
> article and needed to share it!!
>
> http://www.boston.com/bostonglobe/ideas/articles/2010/04/11/please_do_not_change_your_password/?page=1
>
> Brian

The paper on which the article is based is likely very flawed. For instance, it assumes that breaches conform to some sort of "average" cost, which is almost certainly not the case. Either you don't get hacked, and therefore don't have a monetary loss, or you do, and if you do, the monetary loss is likely to be enormous, relative to your assets. Also, the numbers he cites are poorly documented - the losses could be 10 or even 100 times higher than he's quoting.

Also, if you take the paper's argument seriously, it's likely you'd start advocating that we don't pay for insurance, either. This quote is pretty telling: "A lot of advice makes sense only if we think user time has no value". That simply isn't true - we're trading time for money in this case - with the money equivalent being insurance.

Of course, the real problem is difficult: We play and work in a computing environment that has fundamentally flawed software, and that environment is also hostile. Compounding that is the fact that computing is not an easy thing - it's the most complex activity ever devised, and the general run of apes from the savannah (us - all of us) don't deal well with complex environments without *lots* of training.

Kurt
