In the old fable, the Boy Who Cried Wolf was capricious and stupid. He cried “wolf” the first two times because he wanted to see who would come. The third time, when the wolf actually appeared, he cried out and no one came. He became wolf chow.
But what if the Boy Who Cried Wolf had actually seen a wolf the first two times? Would help still have come the third time? What would have happened, in that wolf-infested forest, if he had cried five, six, seven times?
This is a question that IT security professionals face every day. And there isn’t always a clear answer.
via For Security Pros, Maintaining Credibility Means Walking A Fine Line | Dark Reading.
This is always a concern for InfoSec professionals. Another piece that goes with it is a measured response. Running around claiming the sky is falling at the first blush of a security issue, only to learn later that it’s not as bad as the headlines made it out to be, can also poison the audience to real threats.
I like this quote from the same article:
A security warning is only as good as the credibility of the professional who delivers it.