It may be cute to complain about business buzzphrases, but we have our own stupid, inane little buzzwords as well. I really hate hearing meaningless maxims like “compliance is a process, not a product.” No shit, but don’t we purchase products to support processes? Maybe security should idealistic and ephemeral, something we can feel good about in our heads but not actually do anything about…but I guess that’s not me. This maxim can be used to attack any product anywhere in our field…making it rather meaningless. I prefer saying something to the effect that, “tools won’t create process, process comes first” or “a tool will not solve our problems in the absence of a process.” That sort of statement isn’t something I can use to attack the idea that NAC can be at least partially justified by compliance efforts. Let’s say I do have the process and NAC is my tool to streamline it? Fratto has a point that NAC has a number of drivers behind it, but he is wrong to denounce an arbitrary one using an inane, meaningless buzzphrase.
Saw this from Rothman’s daily incites.
Along the same lines: each time a salesman says “70% of attacks are internal”, God kills a kitten. True.