What a 3 Year Old can teach us about Information Security

It’s often said that children are born negotiators. They possess a natural ability to try to get what they want though trade-offs, attempting to only do something if they get something in return. It’s less said though that children are born Information Security specialists. Surprising you might think - afterall, as marvellous as the human race is, we don’t produce offspring with a natural understanding of ISO27001, and the principles of Confidentiality, Integrity, Availability and Non-Repudiation. However, our progeny are born with an innate inquisitiveness.

 This inquisitorial nature leads to our young learning one word pretty quickly – “why”. All too often, words we have uttered will be met with a frown, and a short “but why?”, all driven by the need to understand the world around them, and their place within it. Sadly, just as we seemingly lose our natural ability to negotiate as we grow up, we often become less inquisitive, replaced by the often misplaced belief that we know best.

However, as the litany of headline data breaches shows, we often don’t know best. If we could just maintain this need to ask ‘Why’, our infrastructures would be more secure. We’d instinctively want to understand the context around what is going on – why is Joe User accessing that data? Why is Joe User accessing the data from an untrusted network? Why is Joe User using a device we’ve never seen before? We’d find out the stuff that we really need to know to understand what is happening around us, and make our infrastructures more secure.

Child Labor laws notwithstanding, perhaps we should open Kindergarten SOC…

Labels:

Identity & Access Mgmt
Anonymous