Infosec: Homer Simpson or George Washington?

Monday, November 28, 2011

Ali-Reza Anghaie


Take your pick of great strategic thinkers: George Washington, Carl von Clausewitz, Garry Kasparov, Lord Nelson, Napoleon Bonaparte, Sun Tzu, Herman Kahn, etc.

Now, sit them at a table and have them look over reams of InfoSec incident responses.

Assuming you’ve accomplished this feat of time and culture travel, they’ll already be well familiar with Homer Simpson and, if we’re lucky, they’ll compare us favorably to Homer’s professional accomplishments.

Mmmm… more blinky lights…

I find it’s useful to consider three contemporary fields in particular when pondering InfoSec strategies and our future: Defense, Economics, and Healthcare. And all three fields have grasped nonlinear preventative and swarm tactics in a way InfoSec would be wise to consider.

And, like InfoSec, all three also have their snake oil salesmen and demons to satiate.

Recently Meredith Patterson (@maradydd) tweeted about an opinion piece in The New York Times (1) on Healthcare:

“If high-touch medicine offers additional monitoring and services, how can it save money? Arnold Milstein, now a Stanford professor, identified physician groups that were above average in quality but treated patients for 15 to 20 percent less money than average.

How did they do it? By preventing emergency room visits and subsequent hospitalizations.”

I’d argue this approach is missing almost entirely from Enterprise Security plans. Conceptually, everybody talks about preventive care (e.g. configuration/patch management, security life-cycles) and rapid incident response.

In practice, however, we discharge the patient as soon as possible with a new gizmo hanging somewhere and pat ourselves on the back, only to be revisited by the same misery a short time later and to do the InfoSec triage all over again.

Organizations need to invest in strategic, long-term care of their assets. Every incident response should be pervasive and should prompt a re-examination of existing architectures, controls, training, etc. Don’t scoff; it’s really not that difficult.

Your team has likely considered every nuance in their minds more than once. Actually addressing those nuances gets less intensive each subsequent time. And, like the study (2) that the New York Times opinion piece covered, you’re going to see cost savings and quality improvement across your Enterprise.

When I broach this topic I usually get a range of responses, but they all circle one issue: nobody cares about the long term because they won’t be there. That’s not frequently true; it simply can’t be, because professionals need an accomplished and tangible record in order to move on in the first place, and usually a significant body of work to progress their career.

Such a body of comprehensive and responsible work, as I suggest above, would produce more data and metrics. It also gives your colleagues and team more confidence in your leadership abilities.

And show respect for their body of work: there is nothing an InfoSec professional hates more than seeing their hard work squandered.

Do you want your team to look at you as a Homer Simpson or a Lord Nelson?

(1) http://opinionator.blogs.nytimes.com/2011/11/16/saving-by-the-bundle/

(2) http://content.healthaffairs.org/content/28/5/1317.abstract

Homer Simpson is awesome and is © 20th Century Fox

Cross-posted from Packetknife's Space -- http://www.packetknife.com

Krypt3ia: This is to infer that the troops on the ground have much of a say in this, my friend. Too often the people who hold the purse strings are clueless even when you hand them a clue... With handles...