Cybersecurity expert argues FUD can be effective

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/708215/cybersecurity-expert-argues-fud-can-be-effective

By Taylor Armerding
CSO
June 11, 2012

Sharon Nelson thinks a certain amount of Fear, Uncertainty and Doubt 
(FUD) is a good thing.

Nelson, an attorney and president of the information security, digital 
forensics and IT consulting firm Sensei Enterprises, knows she is taking 
something of a contrarian view. Most objective experts in the 
information security world view FUD as essentially part of a sales 
pitch: Scare the IT manager enough and they'll buy your security 
product.

They also tend to dismiss it as exaggeration in the analysis of recent 
revelations that the U.S. was behind not only the Stuxnet worm used to 
attack the Iranian nuclear program, but also the Flame espionage 
malware.

Most security experts agree that cyberattacks are a major, costly 
problem, both for industry and government. But they say it is going 
overboard to call it a war. As Bruce Schneier, chief security technology 
officer at BT and author told CSO last week, "Throughout history, the 
definition of a 'major war' has involved casualties in the hundreds of 
thousands. That means dead people."

But Nelson doesn't shy away from the term "cyberwarfare" or from FUD. On 
Sensei's Ride The Lightning blog, she contends, "The line between 
cyberwarfare and the real thing is a fine one -- one our enemies may not 
appreciate."

[...]


--
Certified Ethical Hacker, ISSMP, ISSAP, CISSP training
with Expanding Security gives the best training and support.
Get a free live class invite weekly. Best programs, best prices.
http://www.ExpandingSecurity.com/PainPill