from the what-doesn't-kill-you dept.
wiredmikey writes "Along with budget constraints and disconnect between IT and executive management surrounding information security, results of a recent survey show that a major problem is outright lack of understanding of threats. We all know the best way to get that budget increased, is to get hacked. Unfortunately, that could also result in you losing your job. Some companies, however, are taking creative approaches to both raise awareness and identify potential vulnerabilities. A manager with a large financial services group, for example, says that his company addresses security vulnerabilities by staging a series of what it calls 'war games,' in which a user or group of users is tasked with trying to compromise a system, while another user or group of users is tasked with preventing the break-in. Management needs to understand the security threat and its impact to business, and these 'war games' are an innovative and creative way for IT departments to convince executive management on security needs."
We can found no scientific discipline, nor a healthy profession on the
technical mistakes of the Department of Defense and IBM.
-- Edsger Dijkstra