Brutkey

Martin Boller :debian: :tux: :freebsd: :windows: :mastodon:
@itisiboller@infosec.exchange

@krypt3ia@infosec.exchange I do see a move away from any RealSecurityβ„’β„’ and a move towards check-mark compliance potentially even accelerated by all the regulatory compliance requirements - While said requirements COULD have been used to improve security posture they are effectively starving effective measures (and thereby current best practices) further increasing security poverty.

"Compliance-sizing: the act of replacing highly skilled and educated cyber security professionals with auditors.

…Or just overwhelming said professionals with sheer amounts of useless β€œcontrols” developed by people with no real understanding of how Threat Actors operate"

Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

@itisiboller@infosec.exchange @krypt3ia@infosec.exchange I think Martin has mostly nailed it here.

The OP is by someone busy trying to convince themselves of an effective move to functional compliance.

Krypt3ia
@krypt3ia@infosec.exchange

@neurovagrant@masto.deoan.org @itisiboller@infosec.exchange Compliance, has always been a fuckaround where real actionable security measures are concerned. It's lip service, specifically since most regulations have lacked any teeth whatsoever to penalize those who are not even trying to do the right things (HIPAA etc)

Krypt3ia
@krypt3ia@infosec.exchange

@neurovagrant@masto.deoan.org @itisiboller@infosec.exchange It's become an ecology of cyber insurance and check box auditing, oops, we lost all your personal data to crims, here's a year of credit monitoring, you'll be fine.