Last week, at the Twin Cities IANS conference, Marcus Ranum said that "security is not science, it's voodoo. The auditor comes in and you sacrifice a chicken." There are limits to this approach's effectiveness over time.
WSJ reports that Florida is one of three states where interior decorators must be licensed before they hang a single painting or arrange a couch in an office, home or school. There are now attempts to deregulate this industry, but these attempts have met with predictable pushback from entrenched interests:
That possibility has the state's licensed interior designers ruffled. They've hired Ron Book, one of the state's most influential lobbyists, to fight the bill. And they've stormed legislative hearings to warn of the mayhem that would ensue if the measure passes.
Among the scenarios they've conjured: flammable carpets sparking infernos; porous countertops spreading bacteria; jail furnishings being turned into weapons.
The thought of "someone in my position that thinks they know what they're doing because they watched HGTV for two weeks scares me," licensed interior designer Terra Sherlock said at a hearing in March.
Another licensed designer, Michelle Earley, argued that use of the wrong fabrics in hospitals could spread infection. By deregulating, she told lawmakers, "what you're basically doing is contributing to 88,000 deaths every year," citing a study by the Centers for Disease Control and Prevention on deaths from hospital-acquired infections.
...
Interior design "sounds like this simple hanging curtains on a wall," said Ms. Earley in an interview. But "it only takes a couple things to go wrong for people to lose their lives."
So there you have it - infosec clearly does not own a monopoly on FUD! People who attempt to operate these design businesses without certification are subject to fines and other disciplinary actions.
What I find fascinating about the story is the ability of incentives to drive behavior that is completely out of whack with reality. In infosec we see audit and regulations driving behavior on a daily basis, and it's not all bad, but it would be helpful if the policy makers took care to align the regulations to what matters.
On a related note: Lenny Zeltser looks at whether compliance helps or hinders security.
So Gunnar, which certifications do you hold?
Posted by: Certifiable | April 20, 2011 at 11:20 PM