Non-IT C-levels love absolutes on security. They want to know that if they approve those 50 more security staff and $200 million in additional equipment and software, breaches can be blocked. IT knows that it’s a silly question, that the best one can ever hope for from security is to make it increasingly difficult to break in. CFOs and CEOs want guarantees, and none exist in security.

What brings this to mind is some fallout from a court-approved settlement from the Target data breach. Dark Reading did an interesting analysis of that settlement, where it argued that the court erred in signing off on Target’s punishment. The piece made some interesting — and valid — security points, but it failed in the “so what?” conclusion.
