Security failures in the financial world

As the global banking crisis is getting its share of attention, Bob Blakley from Burton Group has posted an interesting high level analysis of the current situation. The bit that I like about this piece is:

Risk management failures created the current financial crisis, and risk management failures have also created the personal information disclosure crisis, and the malware crisis, and a bunch of other problems which are not yet crises. We do risk management poorly in all disciplines. We do it poorly for a bunch of reasons: executives don't understand their own businesses well enough to understand their risks; risk managers don't know how to talk to executives about risk; incentives favor creating long-term risks in order to accrue short-term profits; the list goes on and on.