Information Security Lessons at 30,000 Feet

The Christmas 2009 incident, when a bomber attempted to detonate explosives sewn into his undergarments while in the passenger cabin of a commercial airliner, could have resulted in a horrific catastrophe. Although nearly tragic, it is another example of how security-savvy people were quick to respond and interrupt the attack. The media has focused on how the device malfunctioned, but paid little tribute to the passengers who rose up, acted quickly, and subdued the assailant. Given that his primary plan had failed, he likely would not have stopped in his mission to do great harm. The passengers essentially stopped his ‘Plan B’ and deserve credit.

Americans will never again be subdued the way they were on aircraft during the infamous 9/11 attacks. We have learned a very important lesson. Being aggressive to assure security, in the face of an incident, is imperative. Security-knowledgeable people will remain aware and act quickly when situations arise that require intervention to restore security.

These lessons translate well to the information security realm:
1. Security-savvy users are an incredibly valuable component in a Defense in Depth strategy
2. Rapid and aggressive response is important to reduce loss and restore the environment to an acceptable level of risk
3. We as administrators and users must continually learn, adapt, and evolve in response to security risks. The attackers continuously adapt; we must too.

What security lessons have you learned recently?

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry-leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry, and his guidance can be heard at conferences and found in whitepapers, articles, and blogs.