security buzzphrases make newborn puppies cry

It may be cute to complain about business buzzphrases, but we have our own stupid, inane little buzzwords as well. I really hate hearing meaningless maxims like “compliance is a process, not a product.” No shit, but don’t we purchase products to support processes? Maybe security should be idealistic and ephemeral, something we can feel good about in our heads but not actually do anything about…but I guess that’s not me. This maxim can be used to attack any product anywhere in our field…making it rather meaningless. I prefer saying something to the effect that, “tools won’t create process, process comes first” or “a tool will not solve our problems in the absence of a process.” That sort of statement isn’t something I can use to attack the idea that NAC can be at least partially justified by compliance efforts. Let’s say I do have the process and NAC is my tool to streamline it? Fratto has a point that NAC has a number of drivers behind it, but he is wrong to denounce an arbitrary one using an inane, meaningless buzzphrase.

Saw this from Rothman’s daily incites.


