Schneier calls for liability

An entertaining interview with Bruce Schneier in IT Security. He sets out in typically forthright style his view on big questions such as ‘Is security a solvable problem?’ He says, “Organizations need to be liable if they expose our personal information. That’s the kind of economic incentive that will result in more security.” Cases like the Nationwide Building Society’s recent £1 million fine demonstrate that this liability is becoming real, which will intensify the pressure on organizations to implement ISO 27001 as the best practice test of their infosecurity.