"Security is secondary". Okay.
How about in the banking world?
How about securing a nuclear deterrent?
Your generalization goes too far. IT's direct responsibility is as a business enabler. Users are one extremely important part of that, but business requirements vary by industry and project.
In many sectors, security requirements are a business requirement, stipulated by customer, regulation, industry standard, or funding source. In these cases security is the prerequisite to the business. Without security, no business, no users.
Example: If the lab in question receives grants, or works with human subjects or their data, they must handle the data according to grant or NIH stipulations, or risk losing their funding.
Slashdot Mirror
"Security is secondary". Okay. How about in the banking world? How about securing a nuclear deterrent? Your generalization goes too far. IT's direct responsibility is as a business enabler. Users are one extremely important part of that, but business requirements vary by industry and project. In many sectors, security requirements are a business requirement, stipulated by customer, regulation, industry standard, or funding source. In these cases security is the prerequisite to the business. Without security, no business, no users. Example: If the lab in question receives grants, or works with human subjects or their data, they must handle the data according to grant or NIH stipulations, or risk losing their funding.