Comment IT Security vs as cost center... (Score 1) 77
The only thing changing is that IT in general is generally considered a "cost center" to trim, IT security an even less indirectly profitable component of that cost center, and management of most organizations is becoming more aggressive at reducing that cost. Add outsourcing and subcontracting issues and you end up with a system where there is real interest only in having an appearance of security, and standard practices revolve around plausible deniability and passing the buck.
Almost everyone whose been in enterprise security for a while has a collection of cringe worthy stories they cannot share... (sigh)