Friday, March 17, 2006

Win Their Hearts and Minds

I am a Certified Information Systems Security Professional, courtesy of (ISC)2 and the passing of a very difficult exam. On one of the forums we have been bandying about a topic of interest. I wanted to excerpt part of one of my responses:

We are lethal in our commitment to security. We also are in business to get products and service to market, and I do not have to explain to anyone just how difficult that is in the tech business. I need to keep this bunch of genius geek lunatics happy and productive and avoid annoying their blessed Libertarian spleens. I have the benefit (or the curse) to have worn multiple hats in my career, and see the problem from several sides.

Like it or not, we in the high tech startup world balance security, operational effectiveness, market leadership and HR Morale issues every day. Not to mention injecting a healthy dose of "cool" into what we do (what the heck is the iMac at the end of the day but just plain cool?).......

....The deny/close/object to all mentality of some security groups in the end can be counterproductive. In my Navy days, lots of people spent a heck of a lot of time and brain cycles trying to keep ship movements into and out of Subic Bay a "critical secret". Now, dear reader, choose what you think was the best way for a person in the "not need to know" category to go about compromising this information:

a. Space based Recon.
b. Passive monitoring of shipboard radio traffic
c. Human Intelligence activities directed against the Pentagon
d. Ask your favorite Subic Bay "escort".

If you chose d, you would more often than not have been right. It was a fool's errand; the girls had "boyfriends" on the ships and it was their business to know when and where the sailors were. They should have just published ship port calls in the local newspapers and spent the dollars saved on figuring out that the Walker Ring was in business a couple of years earlier.

OK, soapbox over. I beg everyone's indulgence. The point remains the same. Your approach and solution have to match and support the business culture, and culture often expresses not just preferences but real operational needs of the biz. To win the security war, systems and rules are not enough... you need to win the hearts and minds of your populace.


Hearts and minds, the key to winning at insurgency, or being a good counter insurgent. I have found that it is the key to most organizational success. This led me to thinking about computer security in a new way.

See my next post for more thoughts on that subject.
