Can Security Policy live in a Business World?

Image by Flickr user ianlloyd

I’ve had a couple of decent articles come through my various feeds this morning in regards to IT Security and how companies are gaining traction for the acceptance and adoption of policies.

Another point of interest raised by Forrester is the shift in spending toward security, but rather than defensive spending, the money is tending toward protecting the DATA. In an age where the security perimeter has shrunk from the outside of the business, to the connected systems, to any accessing device and right down to cheap, plentiful and high capacity USB storage devices, a perimeter approach seems unnecessarily costly to say the least (of course, this must be tempered with assurance of systems availability).

Where this falls down however is in the belief structure of an organisation. Don O’Neill states:

“Cost is a function of perceived value.”

Thus, if you are unable to convince your financial stakeholders to invest in security, you are unlikely to be able to implement worthwhile preventative measures. On the flip side of this argument, if your company is entrenched in a border protectionism mindset, then in attempting a shift to focus on data protection (whilst maintaining systems availability via reduced defensive spending), again, you’re unlikely to succeed in implementing worthwhile preventative measures.

Image by Flickr user thenickster

However, all is not lost – the other article discusses how we can use Social Psychology (PDF 213KB) to help encourage colleagues and influencers to adopt policies that we’d like to implement. For the most part, this is done via encouraging prosocial behaviors – that is, getting people to adopt the behaviors that they believe others are following. For instance, if I were to wish to encourage a Corporate to focus on data protection I would cite other companies such as Microsoft who are reducing their corporate firewalls on the perimeter, and doing more to authenticate users prior to allowing data to be used (i.e. check I’m an employee before you let me open, read, edit, print, email this document).



The Network World article goes on to suggest some measures to encourage adoption:

  • Post statistical information about the rate of compliance with various security measures where people can see the information…
  • Use comparison statistics about compliance rates to encourage healthy competition among work groups…
  • Provide individual information to each user in a periodic report…
  • Have rotating messages appear about different applications…

The article ends with a call to action – so be sure to actually click through:

I’m sure that readers will have lots of ideas for how to apply Cialdini’s research findings. I suggest that everyone pitch in using the comment feature of this column to share these ideas…After all, 82% of all readers are cooperating with….

With all of the above in mind then – what can we do as Security Professionals to help protect our people from themselves and the big bad and nasty outside world? Well, like many others, my current soapbox is to get people to secure their files and encrypt their hard drives – do you have an area you’re focusing on? Discuss…

The Big Move: Weather Station DOWN!

Weather Station Offline

Those of you following my Twitter stream will probably know that I’m on the move from Casa de Rob to a new abode…

So – the last few weeks have been a steady extraction of the technology which is running here, and last night’s victim was the Weather station which was showing live weather here. Of course, once we’re all moved into the new house I’ll be reassembling what I can, but there is much negotiation with the Wife before everything can get cabled up… Until then:

It’s winter in Auckland, New Zealand – it’ll either be cold and raining or cold and crisp.

Stay tuned 🙂

Power of People – Why your brand needs to understand buyers

Here’s a great presentation by Joakim Vars Nilsen on the Power of People (why empowering people is key in marketing).

There are more than a few companies who could benefit from watching this deck – and it doesn’t (really) matter what size your business is, the principles remain true, it’s just the speed of uptake which will be the variable.

Discuss.

Flu Hype, and reality

Swine Flu - Humorous Image via Flickr User djuggler

Below is an interesting video for those caught up in the swine flu (which it isn’t) hype.
As a bit of background, Hans Rosling is a doctor and researcher who I first ‘saw’ when he presented at TED 2006 – in this video he demonstrates some really interesting data from the World Health Organisation using Gapminder to illustrate the information in an incredibly captivating manner.

Now while Hans doesn’t discount the potential future risk of Influenza A (H1N1), he does point out the hype the media is attaching to the virus when compared to other preventable causes of death.

So, the point of the post (I guess) is that while it’s great that places such as my son’s day care center are reinforcing basic preventative measures such as:

  • Regular hand washing and drying
  • Covering your cough or sneeze with your arm not your hand
  • Keeping children with any symptoms at home until they are well.

The reality is, these are life skills which don’t need a hyped up flu variant to be taught – especially in countries with ready access to medical care, and for patients who are neither very young, nor very old.

On average, the (generic) ‘flu is caught by between 3 and 5 million people each year, and between 0.8 and 1% (or 250,000 to 500,000 people) die from it annually. As the video points out, Influenza A (H1N1) can only claim a mortality rate of around 0.06 to 0.25%… so where were the news stories last year, and the year before that, and the year before that? As molecular virologist Dr Christopher Olsen says in the article linked above:

‘Let’s not lose track of the fact that the normal seasonal influenza is a huge public health problem that kills tens of thousands of people in the U.S. alone and hundreds of thousands around the world,’

Calm down, wash your hands and wait for the media to start reporting on something more worthwhile like, ooh – the global financial issues which actually ARE affecting a large number of people in very real ways.

Inside a Tornado

Now – while storm chasing may not strictly be the realm of geek, I’d argue that there’s a heck of a lot of technology, knowledge and innovation going on in this space – all in the aim of understanding these powerful events of nature.

For one group of storm chasers, it’s paid off and the guys in the clip below actually managed to get themselves inside a tornado – awesome!

Ahh – where’s Helen Hunt when you need her aye?

Bandwidth to join Maslow’s Hierarchy of Needs?

Those crazy French have declared access to the Internet is a “fundamental human right” as part of its decision in overturning the recent, and controversial “three strikes” anti-piracy law. The Constitutional Council, France’s highest court, appears to agree with Cory Doctorow, who wrote the following:

Here’s a prediction: in five years, a UN convention will enshrine network access as a human right (preemptive strike against naysayers: “Human rights” aren’t only water, food and shelter, they include such “nonessentials” as free speech, education, and privacy). In ten years, we won’t understand how anyone thought it wasn’t a human right.

Philosophically I can’t agree with the ruling or Cory here; we have no rights other than the right to what we can create for ourselves – these creations can be traded for things such as food, water and shelter – or even bandwidth.

While I really dislike being ‘disconnected’ from the grid, my social networks and the sources of information/opinion that I use to educate, entertain and improve myself – I can’t accept that this access is something that must be provided for me. I think the French have overstepped on this one – I love the outcome, but I think their artistic, socialist side is showing here.

There’s a good discussion on this taking place over on ReadWrite Web who are covering this story – what say you?