A quick quiz for you: Who has the worst security program – Bank of America, Wells Fargo, Choicepoint, Lexis-Nexis, Ameritrade, Time Warner, T-Mobile, or you?
If you think you know, but you don’t have direct contact with individuals in all of these organizations, then you are wrong. I would venture a guess that some of these organizations listed have the STRONGEST security programs in the world, not the weakest.
We are letting our security success be defined by whether an incident is publicly reported or not. This is poor precedent. We need data, and we need it bad.
We only remember failures.
By “program” do you mean overall strategy, or software?
Because in these cases, they might have the strongest programs in the world but also the lousiest practices as well.
I mean strategy, practices, and operational solutions. That is, they can talk the talk AND walk the walk.