Bright Stove

Reflecting information risk journey

Car as an analogy

leave a comment »

The (ISC)2 Japan organized an informal meeting today with several CISSP constituents, including a few course instructors in Tokyo during lunch time for Ed Zeitler, Executive Director of (ISC)2 and I to have a chat on local experiences and also to share our experiences on what we have learnt from the International and regional development in information security. During the discusson, one of the participants used the car as an analogy of how safety have been designed into today’s cars that users can just drive safely without much concerns over the mechanics involved. As compared with the PC systems and Internet, it seems that users need to know a lot more about the underlying security technicalities in order to surf the Internet safely. I thought this was an interesting analogy, but with a slightly different perspective.
 
For a car, the price we pay, as compared to a broadband subscription and the price of PC and related software, is many times more. Before we are permitted (by law) to use it on the road, we have to go through at least N lessons of training, and pass both written and practical examinations. Ths includes learning and demonstrating our understanding of the safety regulations involved, as well as capability in operating the mechanics of the vehicle efficiently and safely, without endangering ourselves, the pedestrians and other fellow drivers and cars on the road. If we fail in any of these aspects, we either don’t get the license, or we have it suspended, and may even get a fine. On a yearly basis, we have to pay insurance, road tax, and maintenance for the car as well. Older cars will also need to go through regular safety test for road worthiness. Because of the price involved, many car owners have to take a bank loan and service it over a period of time, at the expense of other luxuries that one may have instead. All this serves primarily for the purpose of bringing us from point A to point B, with some level of comfort during the ride, but at times, stressed further by the heavy traffics involved. Of course there are other intangible benefits of having and driving a car, but those are often beyond the needs of common users. The price for those intangibles are often much higher as well.
 
For a PC and an Internet connection, besides the much lower cost involved, there is no network or computing tax, insurance, and maintenance fees involved. Only recently, there’s this notion of security services subscription (like Microsoft’s OneCare), which is also a small price compare with what we hand out for the car. But in terms of utility, its value is very different than a car. It serves as an important tool for learning, writing, reading, searching, organizing, creating, innovating, entertainment, communications, shopping, personal management, etc., etc.; replacing many mundane tasks that we would have to do manually, or get someone else to do for us. All this are done without a "license" per-se. No formal training, examination, etc., are required to use the PC and Internet to do all these tasks. All you need is to pay for the device, and sign-up an Internet connection. The latter may not even be necessary in locations where free wireless network is available. No security or safety pre-requisities to do all this.
 
By this comparison, it is clear that we perhaps need to re-think about the way we regard the value and safety/security issues involved in using PC systems and the Internet, and the personal safety/security investment that we have accorded to them. Until then, security as an after-thought will continue to be a challenging issue, and users are likely to continue to be the victims, when in fact, there might be a chance that they may be able to drive the safety and security of the Internet themselves. 
 
Advertisements

Written by mengchow

November 13, 2007 at 2:57 pm

Posted in Awareness

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: