« Are anti-virus applications a waste of money? | Main | Security metrics are your friend »

10 June 2008


TrackBack URL for this entry:

Listed below are links to weblogs that reference Challenges to sell Information Security products and services:


Prasanna Govindankutty

I am not sure I really understood the objective of the post. Regardless, your last statement about selling security is... "avoiding the nature of the human brain to accept risks when talking about possibility of loss" seems rather "pushy" from a sales perspective.

Risk Acceptance is a form of Risk Management, and its a reasonable decision as long as it was an outcome of understanding the risks in a given context.


Sorry! The words were too strong.
Most of the companies have those measures. That makes a "common sense", unfortunately.

I know, as you do, that the companies have many ways to mitigate those threats, but I am almost sure that even the ones that do know that use those security measures.

Richard Bejtlich

"Everyone knows (I hope) that some security measures are simply necessary—period. Firewalls and Antivirus, for example, are by common sense necessary."

Really? Why? In what decade?



Keep writing...

Your mate from Impacta, Diógenes


Really interesting, as you say, companies dont take seriously their security until something happen

The comments to this entry are closed.

About the (ISC)² Blog

As the certifying body for more than 100,000 information security professionals worldwide, (ISC)² believes in the importance of open dialogue and collaboration. (ISC)² established this blog to provide a voice to certified members, who have significant knowledge and valuable insights that can benefit other information security professionals and the public at large.

The (ISC)2 blog gives members a forum to exchange ideas and inspires a safe and secure cyber world by supporting the advancement of the information security workforce via a public exchange with a broad range of information security topics.

Whether an (ISC)² member chooses to participate in the (ISC)² blog is his or her own decision. The postings on this site are the author's own and don't necessarily represent (ISC)²'s positions, strategies or opinions. (ISC)² monitors the blog in accordance with the (ISC)² Blog Guidelines, but the bloggers are responsible for their own content – common sense and intelligence should prevail.

Other than links to the (ISC)2 website, (ISC)² does not control or endorse any links to products or services provided in this blog and makes no warranty regarding the content on any other linked website.

Those who post comments to (ISC)² blogs should ensure their comments are focused on relevant topics that relate to the specific blog being discussed. (ISC)² reserves the right to remove any post or comment from this site. Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org

Please click here for FAQs.

Please click here for the Blog Guidelines.