It’s frequently debated how effective something like PCI DSS really is, or whether there’s any benefit in installing IDS devices when hardly anyone ever monitors them properly. It all lends itself to the fact that few businesses see the value in pouring money into information security, particularly where the penalties or downsides seem so small.
Clearly this is the fault of security professionals not being able to articulate the benefits of good infosec practices. But this isn’t an issue that is isolated to selling information security. Anywhere someone wants to promote a concept they have to overcome similar obstacles. Lucky for you, after years of intense research I’ve found the solution to every security department’s problem. The theory isn’t based on something Bruce Schneier said, but rather it came from George Orwell.
In Nineteen Eighty-Four George Orwell introduced the concept of doublethink, describing it as the simultaneous holding of two opposing beliefs in one’s mind and yet accepting both. In Orwell’s novel this technique was used by a totalitarian government to continuously rewrite history, and so control the populace.
However, the same type of idea can be used in a more productive way, helping security departments to achieve their goals and ambitions.
The procedure is simple. Ask the business to think about something they want to achieve, such as eliminating insider fraud. Next they are told to spend a few moments fantasising about obtaining the goal, and to note the top two benefits that would flow from such an achievement. After this, they are asked to spend another few moments reflecting on the type of barriers and problems they are likely to encounter if they attempt to fulfil their ambition, and again, to make a note of the top two issues. Now comes the doublethink. People are asked to reflect on the first benefit, elaborating on how it would make their business more profitable. Immediately afterwards, they are asked to think about the biggest hurdle to success, focussing on what they would do if they encountered the difficulty. Then they repeat the same process for the second most positive aspect of achieving their aim and the second greatest potential problem.
This procedure provides the best of both worlds.
The solution is a question of balance: interleaving the benefits of achievement with a realistic assessment of the problems that could be encountered. That way businesses will be more in tune with realising the benefits of any security initiative, whilst at the same time realising that not everything is perfect. In short, doublethink.