I read a story recently about the insecurity of wireless phone headsets. I was most surprised by the comments of a security expert who downplayed the concerns over these devices. In fact, the assessing team used the phones to record conversations, from which they created the "identity" of an employee from another office. They then used that identity to gain acces to the building, get a corporate ID badge/access card made (it allowed full building access), and were able to grab a desk in the building and connect directly to the corporate network. It seemed curious to think that this security expert would downplay the risk of these devices. Security is more than ROI and aligning with the business, even though those are the new buzz-phrases today experts are singing. Security isn't about ROI or business alignment, although those are handy things to talk when it's budget time. Rather, when it's your job on the line, security is still about risks and threats.
-Geoff
