Sunday, Jun 28, 2009

Approaching Information Security Like Disease Prevention

This is an interesting article by Cory Doctorow that uses the analogy of teen sex and abstinence to explain why the traditional approach to information security just does not work. My favorite quote: "...you need to become an epidemiologist of your users' unsafe activity."

Like Teenagers, Computers are Built to Hook Up

He raises a good point that goes beyond the defense in depth model. Just telling your users not to plug sensitive systems into the internet doesn't work any better than telling teens not to have sex does. They are going to do it (or not) for their own reasons, and expectations of blind obedience are naive at best.

Computers (like teenagers) that are connected but unprotected will be at higher risk for unpleasant consequences. The responsibility of information security practitioners is to facilitate secure methods for people to get their jobs done. By first determining why people have connected these sensitive systems (and thus exposed them to the digital diseases found on the internet), practitioners can address the underlying need and achieve better security than another round of "just don't" ever will.
