tag:blogger.com,1999:blog-4088979.post116291290337583036..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: When Laws Aren't EnoughRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-4088979.post-1162950914871323342006-11-07T20:55:00.000-05:002006-11-07T20:55:00.000-05:00Richard, the threat which causes financials to spe...Richard, the <I>threat</I> which causes financials to spent more on it/infosec in many cases is regulators not external attackers. If a company can not demonstrate compliance with an ever increasing list of audit checkpoints on it/infosec (vulnerability), there is a <I>risk</I> of facing fines or suspention/loss of the company license (exposure).<BR/><BR/>This is part of why financials are tending to put it/infosec into risk management along with control systems aimed at BASEL II and SOX compliance.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-1162914272253073792006-11-07T10:44:00.000-05:002006-11-07T10:44:00.000-05:00it's not complacency. it's the old adage, why blow...it's not complacency. it's the old adage, why blow cash into security initiatives when nothing has really happened.Anonymousnoreply@blogger.com