How about actively testing your systems with penetration testing?
When being offensive is a good thing!
Bruce Schneier on penetration testing:
https://www.schneier.com/blog/archives/2007/05/is_penetration.html
I'm inclined to agree with most of his points.
Not every theoretical threat ever becomes an actual threat, and not every actual threat is an actual threat for a particular organization. The idea of security management is to apply cost/benefit analysis to find the best means to address actual vulnerabilities in a specific setting.
Thanks.
Ken www.stic-cil.org
I thought his main point was "don't bother scaring yourself, if you're not going to do anything about it." As Ted Roche always says, "Security is a process". If you find a reasonable security hole, fix it reasonably. I leave it up to you all to determine what is 'reasonable'.
-----Original Message-----
From: ProFox [mailto:profox-bounces@leafe.com] On Behalf Of Ken Dibble
Sent: Friday, February 24, 2017 10:17 AM
To: profox@leafe.com
Subject: RE: [NF] Unbiased Cyber Security Resources
Not every theoretical threat ever becomes an actual threat, and not every actual threat is an actual threat for a particular organization. The idea of security management is to apply cost/benefit analysis to find the best means to address actual vulnerabilities in a specific setting.