Fortune Cookie Security Advice – December 2008

Everyone wants information security to be easy. Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

Common Sense

I think the key to fortune cookie advice is ‘common sense’ in the context of security. It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

Fortune Cookie advice for December:

Be mindful of the security message you deliver to your customers and how it is interpreted

Rallying your populace to be security savvy is a worthwhile investment and must be approached with the appropriate diligence. It is not enough to haphazardly deliver security information and walk away. If it is perceived as ‘junk-mail’, it will be treated as such. Information security must be understood and applied in order to make a difference. This embrace will only occur if the audience understands not only the message, but also why it is important and the overall context. Every good communication program draws in the audience by letting them know how it applies and benefits them.

If we want to be successful, we have an obligation to understand what is being absorbed and how it is being interpreted.

Andy, ITGuy has a great post (check out the picture for a good laugh).

“How we communicate our security plans has to be in a way that the user will understand and that will make them want to work with us”.  This is key, as ultimately it is a partnership between dedicated security folks and the organization they protect.

Additionally, Mike Rothman has some great follow-up comments which I think nails the right perspective:

“effective communication is based upon the perception of the person on the other end”. Sounds basic, but how often do we ignore this fundamental principle in our rush to deliver our message?

If you are interested in good security insights, consider subscribing to Andy,ITGuy and Mike Rothman’s blogs. They mix perspective, humor, to timely issues.

So am I contributing to the problem of over simplifying security? Or am I reaching out to those who might not take an inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide and feel free to share your knowledge-nuggets.

Fortune Cookie Security Advice - November 2008

Fortune Cookie Security Advice - September 2008

Fortune Cookie Security Advice - August 2008

Fortune Cookie Security Advice - June 2008

Fortune Cookie Security Advice - May 2008

Published on Categories Archive
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.