17 March 2007

CYA security

Another form of CYA [Cover Your A**] security is the overly specific countermeasures we see during big events like the Olympics and the Oscars, or in protecting small towns. In all those cases, those in charge of the specific security don't dare return the money with a message "use this for more effective general countermeasures." If they were wrong and something happened, they'd lose their jobs. Bruce Schneier 15 March
Mr Schneier hits the nail on the head. The real goal of so many bureaucratic activities comes not from being successful, nor even from avoiding failure, but from avoiding one’s exposure as a failure. Tried, tested and failed methods will almost always win out over new and imaginative measures: if something hasn’t been done before the penalties for failure are far higher than sticking to the script even if failure is thereby assured.

No comments: