Fortune Cookie Security Advice – May 2009

Everyone wants information security to be easy.  Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie?  Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking about how security applies to their environment.

Common Sense
I think the key to fortune cookie advice is ‘common sense’ in the context of security.  It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

Fortune Cookie advice for May:

Fear and anxiety will lead to poor risk analysis conclusions

Stay focused on the available facts, use a dose of reality to fill in the gaps, and trust reliable risk models to generate analytical conclusions.

Excerpt: In our world of information security, we must take a step back from the limitations and biases we possess and stay true to proper forms of analysis in order to see the truth.  It is far too easy for us to slip backwards and inaccurately measure risk of situations we don’t understand.  Let’s continue to remind each other of this fact and challenge risk assessments, especially in situations where concern is more prevalent than fact.

So am I contributing to the problem of oversimplifying security? Or am I reaching out to those who might not take the inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide, and feel free to share your knowledge-nuggets.

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry-leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry, and his guidance can be heard at conferences and found in whitepapers, articles, and blogs.