back to article Too much infosec regulation undermines security, warns NAB

More prescriptive regulation of the security posture in industry sectors like banking could have the paradoxical impact of reducing security, according to Andrew Dell, head of IT security services at the National Australia Bank. “We have to become much more agile and proactive – how we look at, how we react to cybercrime. Our …


This topic is closed for new posts.
  1. Denarius Silver badge
    Thumb Up

    For once, some sense

    Decent anaylisis. Big organisations are run on rulez. We have rulez, therefore there is no problem. A symptom of the reductionist fallacy at work, pun intended. The example of kit but no staff is so common when bean counters apply their limited world view to managing the largely unmanageable. In short the root cause is not technology, but managers not employing a full risk assessment, which includes all resources including enough expensive troublesome things called trained, skilled staff. Then governments might be sanely pursuaded that more rulez are not required. An example of a proactive approach was Lockheed 2 or so years ago. Known incoming, so honeypot was set up and waiting.

  2. RobertD

    Some sense, yes...

    In that a one-size fits all, tick-box compliance exercise does not mean that the risks have been managed or even identified. But some (most?) organisations possess neither the capability nor the will to fund a fully reactive, risk-based information security function. So until such time as the new EU breach/attack-sharing bears fruit and senior management actually see what is happening, it's policies, standards and checklists all round.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021