Schneier posts a link for Hunter S. Thompson that he considers a good statement on risk. I respectfully disagree. As I responded:
Thompson epitomized reckless irresponsibility. That he killed himself doesn't bother me as much as the thought that he might have killed someone else in a drug- or booze-inspired stupor. A man in that state simply isn't capable of weighing the risks at hand and making an informed decision.
I am not criticizing Thompson for making mistakes - I was a kid and did some pretty stupid things - but I learned from those mistakes and don't advocate doing stupid things.
As I will tell my children, life is full of risks, but don't cower in fear - watch, listen and learn - learn from others' mistakes but don't be afraid to make your own mistakes. Too bad Thompson never learned to live.
Can IT Security learn this lesson? Manage the risks thoughtfully, allow the business to live, don't insist upon excessive security that smothers the life out of a business or its people. Let's have some fun but without the stupidity.
UPDATE:
Richard Bennett also weighs in on Thompson.
As does Gerard Van der Leun from firsthand experience.
(Make sure you read the comments from Gerard.)


