About Brakes and Speed E052 2025 01 13
A Bit of Security for January 13, 2025
Today we’re going to take a brake – literally. Marshall McLuhan quipped “We are chained to our metaphors, so to speak.” I’m going to walk through three metaphors that historically map, inexactly, to our progress on integrating cybersecurity into our business processes. Reasoning by analogy is not precise, but it can be compelling. Telling a story may help you get your point across better than your carefully calculated estimate. No degree of precision in your spreadsheet will be as compelling as a well-chosen word.
About one hundred years ago, Ettore Bugatti remarked, when criticized about the poor brakes on his cars, “I build them to go, not to stop.” This reminds me of the comment from Elizabeth Holmes as to why she didn’t do disaster recovery planning – “it envisions failure. I don’t want to envision failure.” In fact, her fear of a solid DR plan was that it would require a thorough audit of her business, which would have cast light on the fraud she was perpetrating. But Bugatti was sincere – it was hard enough just building a fast car in the 1920s.
In the early days, information security was an afterthought. It may still be, in your organization. The mission doesn’t speak to safety, trustworthiness, privacy, or security explicitly, so any failure lapses to the banality of “I build them to go” or in more contemporary terms Scott McNealy’s famous “You have no privacy – get over it.” Ignoring a problem doesn’t make it go away, but it does discourage innovation towards possible solutions.
It’s not security’s job to reduce risk. The Board of Directors determines the level of risk an organization chooses to face. It’s security’s job to manage the impact of that risk on the organization.
Rhonda MacLean, speaking as keynote at a Gartner Information Security Conference in the 1990s, asked, “Why do you put brakes on cars?” The first thought is “To slow down.” But that’s what brakes do; it’s not what they are for. If you want a slow car, just build a slow car and save the cost of the brakes entirely. The reason you put brakes on a car is so you can go fast – until you need to stop. The purpose of a brake is to let you go as fast as you want until you need to stop.
This is a more enlightened approach. There is a need for security, but we have to shift the focus from traditional information security telling folks what they cannot do. In the late 1980s we were told “You can’t use the Internet – it isn’t safe.” In the 1990s we were told “You can’t use Wi-Fi – it isn’t safe.” What those prohibitions actually mean is “We don’t know how to secure it yet” – an entirely different message. The goal of information security is to assist the organization’s mission. Yet the focus is still on the misperception that security only gets in the way.
The third and most recent is simply this: “The fastest car on the track has to have the best brakes.” This says in positive terms that security, trustworthiness, privacy, and safety are core functions for any capability, and to ignore them is to be negligent. Only a fool would get into a race with inadequate preparation or subpar tools. Plan for success. Build the best brakes.
This post is in honor of my mom and my grandmother, both English teachers, and Professor Frank Zingrone, my humanities professor in college, all of whom emphasized the need for clear language and critical thinking.
Break’s over – now let’s get back to it. That’s our Bit of Security for January 13, 2025. Be safe.
On Brakes and Speed
How is cybersecurity like brakes? How can you use this analogy to persuade leaders about security? Listen to this -
Let me know what you think in the comments below or at wjmalik@noc.social