Comment Neelie
[...] This is not about heavy-handed measures, and it's not about trying to devise "one size that fits all". It's about a risk-based approach, one where different companies and organisations of different sizes do what is needed, proportionately to the threat they face.
Trond Johannessen
That sounds like the bankers' approach to risk: loans to the regulating government giving us the charter: 0 - 10. Loans to ourselves (other banks): 20. Loans to fund assets that have a lasting, always-in-demand value and that are secured by the same, and so become ours when the loan is not paid: 50. All other loans: 100. It would then naturally mean that Too Big to Fail has an IT equivalent of Too Big to be Compromised, which means individual security will remain insufficient and expensive from the citizen's point of view, and maybe the same for small business. The point of my insistence on Architecture is that the Finger-in-the-Dike approach is not good enough, nor is the risk-based approach, because it does not work that way in IT. The Pentagon gets hacked. The large military contractors get hacked, AND my laptop gets hacked. The purpose of an Architecture approach is to work at the fundamental problem, not just to create a business stimulus, a new Y2K-like hype for businesses that can write a large enough check to be protected. Change the elements that enable and empower the transgressors now and in the future. You will only do that if you attack the Architecture.
Trond Johannessen, 12/11/2013 13:09