Securing Humanity
You probably hear a lot about information system security these days. Not really a day goes by where we don’t hear about a new threat or exposure.
Traditional approaches talk about performing business risk assessment, and using that information to drive decisions. You're ultimately achieving the goal of reducing then accepting a given risk, based on analysis of likelihood and impact to your organization.
This approach is logical, sound, and certainly the appropriate way to manage risk and information security for your systems, however, I challenge you to think about another angle.
What if part of your information systems security program and policy included securing systems for the overall betterment of your employees, business partners, associates, and the general population that uses the “Internet of Things”?
Plain and simply securing systems because it’s the right thing to do. The shared impact we can all make by keeping our systems secured may be hard to quantify in dollars. We start to understand where attackers may use our systems against one another for malicious purposes, and individually taking a stand to protect each other, just because it’s the right thing to do.
Consider a policy that allows employees to take non-critical data home with them, to edit on their device. Maybe the policy is BYOD and even critical data is on their device. What if that employee unknowingly took a virus home, infecting his or her home network? It could cause chaos for that person at home – family photos, videos, maybe even a book in the works. Unfortunately, the average home user probably doesn’t have the financial resources to recover from an incident.
Another scenario – what if you are a healthcare organization and patient data is stolen or modified. Beyond the financial impact to your organization, consider the human aspect of the individuals’ lives that have now been touched by the incident.
While you can quantify the risk to your organization in penalties, it’s hard to quantify the impact to an individual’s overall quality of life when their medical record is stolen or altered.
Securing your systems so we can safely interact and defend each other is perhaps defense in-depth, in-depth. We can work together to continue this amazing transition to a connected society, ensuring our decisions also include the general betterment and improved quality of life for everyone. Let’s put the humanity in IT. Let’s do it together. Technology Forward.
