Security as it applies to a system is perhaps one of the most misunderstood concepts in the world of technology. We choose to frame this weblog with this statement because security as it applies to many other areas of our lives is often handled in a much more sensible manner. For example, if your goal is to not lose your children when you go to a crowded theme park, you might agree to a system with your significant other (and perhaps your children) to insure that does not happen. You might also agree on what you might do if "Plan A" fails. One procedure you would probably not use is buying an "Antiloss Child Securomatic System" and implicitly trusting it to do the job. You might decide, however, that it would be a good idea to give your children cell phones, or put a business card with your phone numbers in their pockets or shoes. In other words, the "technology" deployed would naturally fall out of the requirement of not losing track of your children. Surprisingly, the "technology" does not have to be very high tech at all, and can end up doing a far better job at securing your children than the "Antiloss Child Securomatic System", and cost far less.
This may be a somewhat silly analogy, yet this is one of many issues we face. It is easier for some organizations to simply trust a consultant or a technology to do the job than to work towards understanding the problem and working with the consultant and technology to achieve the desired result. What do you think?