To offset some recent ranting posts, I wanted to point over to the most recent and absolutely awesome post from shrdlu, How secure does that make you feel? The two points I’d like to underline from this:
First, as a people, we have our flaws, and yet the world is doing ok. Remember that. Not only in terms of business and security, but also our short lives and happiness.
Second, investment advisor and the security poverty level (and the money vs risk tolerance spike!). I think this is an awesome way to put it, and it lines up with my ache whenever I hear someone thinking a solution to security is turnkey or no cost or just a one-and-done project rather than an ongoing task.
In fact, the more I think about it, the more I like the financial/investment advisor analogy. He’s not there to follow a script, but rather give his expert opinions based on your situation. Everyone should have a security advisor, even if it is just to tell you you’re not ready for the bill from one. And truly, a security advisor should have that presence to do exactly that; tell someone they’re not ready, give some entry-level advice, and waive the bill. One could almost see this also like a very customized insurance agent, as well.