You are hereSelling Security
Selling Security
CIO.com has an interesting article about selling security solutions from Bruce Schneier, a prominent security expert. He describes the difference between Utility Theory and Prospect Theory as applied to human beings.
The Prospect Theory argues that people are prepared to accept high risks for potential losses and low risks for potential gains. In short, spending for security is a financial loss. Hence, enterprises (people) do not prefer to spend for security. Interestingly, the reason is just due to human bias and has no financially sound explanation if carefully analyzed. The article is found here: http://www.cio.com/article/367913/How_to_Sell_Security
Tags
It is a common fact that security sales persons sometimes sell their products by inducing the fear factor and cold and calculated logic into the customers who have no in depth technical skills. Even high end consultants sometimes get caught.(Or may even be impliedly promoting the relevant security product)
Though it is not ethical , almost all the security products (including IT )are part and parcel of demand and supply economies of scale. This is the world norm. It has a holistic effect on how we live, do business and interact with each other.
With laws and regulations along with standards alone cannot solve this issue. Morales, standards, ethics ,in paper may sound fascinating but in reality the human nature has the tendency to exploit them. Hence "values" should come from within ourselves.
In my opinion, there should be an effective education system which instills these values in each individual from young age and let them mature throughout their lifetime. In this way it will have a positive impact on human interactions which will benifit in the long run.