Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.online/users/pseudonym/statuses/113058599629051689">Pseudo Nym (pseudonym@mastodon.online)'s status on Sunday, 01-Sep-2024 06:05:01 JST</a><a href="https://mastodon.online/@pseudonym" title="pseudonym@mastodon.online"><img src="https://gnusocial.jp/avatar/75877-48-20230129225229.webp" width="48" height="48" alt="Pseudo Nym" style="position: absolute; left: 0; top: 0;">Pseudo Nym</a><div><a href="https://infosec.exchange/@horse/113058175349872535" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://infosec.exchange/@horse">@horse</a> </p><p>Fair enough. But are we sure this isn't confusing correlation for causation? </p><p>I worry that the policies and procedures become an end unto themselves, for checkbox compliance. </p><p>Your observation can be explained by thinking there are robust security cultures, and weak ones, and the robust ones both understand the value of having and following frameworks, and also have good practice. But it's not clear to me that the frameworks cause the practice.</p><p>The culture causes both.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3595924#notice-7054205">In conversation</a><time datetime="2024-09-01T06:05:01+09:00" title="Sunday, 01-Sep-2024 06:05:01 JST">about 5 months ago</time> <span>from <span><a href="https://mastodon.online/@pseudonym/113058599629051689" rel="external" title="Sent from mastodon.online via ActivityPub">mastodon.online</a></span></span><a href="https://mastodon.online/@pseudonym/113058599629051689">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Pseudo Nym (pseudonym@mastodon.online)'s status on Sunday, 01-Sep-2024 06:05:01 JSTPseudo Nym
in reply to
- Jake Hildreth (acorn) :blacker_heart_outline:
@horse
Fair enough. But are we sure this isn't confusing correlation for causation?
I worry that the policies and procedures become an end unto themselves, for checkbox compliance.
Your observation can be explained by thinking there are robust security cultures, and weak ones, and the robust ones both understand the value of having and following frameworks, and also have good practice. But it's not clear to me that the frameworks cause the practice.
The culture causes both.
In conversationabout 5 months ago from mastodon.onlinepermalink

Public

Embed Notice

HTML Code

Corresponding Notice