About the
(ISC)² Blog

  • (ISC)² believes in the importance of open dialogue and collaboration, between both (ISC)², its certified members and members of business and society.

    (ISC)² established this blog to provide a voice to its certified members, who have significant knowledge and valuable insights to share that can benefit the information security industry, the people in it and the public at large.

    The postings on this site are the author's own and don't necessarily represent
    (ISC)²'s positions, strategies or opinions. (ISC)² does not control, monitor, or endorse any links provided in this blog and makes no warranty or statement regarding the content on any linked website.

    Those who post comments to blogs should ensure their comments are focused on the topic at hand. (ISC)² reserves the right to remove any post or comment from this site.

    Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org.

    Please click here for FAQs.

    Please click here for the Blog guidelines.

« Are anti-virus applications a waste of money? | Main | Security metrics are your friend »

10 June 2008

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54f109b67883400e5534579ae8834

Listed below are links to weblogs that reference Challenges to sell Information Security products and services:

Comments

Really interesting, as you say, companies dont take seriously their security until something happen

Congratulations!

Keep writing...

Your mate from Impacta, Diógenes

"Everyone knows (I hope) that some security measures are simply necessary—period. Firewalls and Antivirus, for example, are by common sense necessary."

Really? Why? In what decade?

Sorry! The words were too strong.
Most of the companies have those measures. That makes a "common sense", unfortunately.

I know, as you do, that the companies have many ways to mitigate those threats, but I am almost sure that even the ones that do know that use those security measures.

I am not sure I really understood the objective of the post. Regardless, your last statement about selling security is... "avoiding the nature of the human brain to accept risks when talking about possibility of loss" seems rather "pushy" from a sales perspective.

Risk Acceptance is a form of Risk Management, and its a reasonable decision as long as it was an outcome of understanding the risks in a given context.

The comments to this entry are closed.

Recent Contributors

Past Contributors