I'm not sure how to say his last name, but there's a lot to like in John Traenkenschuh's metaphor:
We bikers know that risk is something that can be mitigated, to a point. Risk remains, and it's our job as safety pro's to limit impact and help the organization, the rider, steer a reasonably secure, er, safe course.... and also this:
Nothing I can do can wash away all the security risks with all the IT systems we're paid to protect; in much the same way that no amount of training I might provide you will remove all risk from riding a motorcycle. Instead, let's focus on forcing a quick alert if, maybe WHEN the attack occurs?This short article is not specific to our industry, and is actually written more from a vendor's point of view than a technology user's, but because survivability is a crucial backstop to good security, and certainly adds to peace of mind, there's more HERE that applies.
Photo credit: Don DeBold on Flickr.com