Comment Re:What about those of us who aren't sure anymore? (Score 2) 174
How does pushing paper ensure a system is secure?
You've clearly never worked in security.
You can never fully secure anything. All you can do is shift liability away from your business.
You need to reduce the chances of a breach to the point that the number that occur and lead to lawsuits costs you less than the effort to make it more secure.
You could technically require every customer to drive down to your main office in person and show ID before logging in... but what would that do to your business?
Secondly, procedure is everything. How do people handle data? What is the process for updating a router? LDAP? the VPN? etc?
90% of security is writing bulletproof process. 9% are the people that follow that process. 1% is HR firing people that don't.
If you just hire "Security people" and expect them to act "securely" you're just asking for trouble.