Defining INFOSEC

The below excerpt is from this LinkedIn question. I was attempting to point out that we already had the tools and methods we needed to do our jobs if we only took the time to realize what our jobs actually were.

I love the saying "There is nothing new in the world, just different perspectives." INFOSEC is no different. We are grappling with the age-old impact of human nature at its worst. Greed, Malice, Hate, Envy, Spite - age-old threats to any human endeavor. I once had a debate with another INFOSEC professional who was arguing that our industry had failed because we weren't *secure* yet. I ask you, how can you secure something without changing human nature? After centuries of working on the same issue we still find the need for police; should we say we have failed because there is still crime?
As INFOSEC matures we will realize that we are not something new or special. We are just facing the same dark side of human nature expressed through different tools. Now we can sit here feeling special, grappling for new ways to deal with the issue, or realize the similarities and apply centuries of progress to the issue and go with what already works.
So what are we to do? First off, dump that INFOSEC moniker; there is no such thing as security since there is no such thing as being "secure." All we can do is effectively and efficiently analyze and manage risk. By reducing the opportunities for crime to happen we can reduce the risk of loss. Again, this is a human psychology issue; we have to deter the criminal from bothering us. I refuse to speak in INFOSEC best practices. I view my job as risk management and loss prevention. While it isn't sexy as thinking of my job in the same terms as a security guard, my responses are more effective that way. Now if only that CD drive would hold donuts ....
