Security Biased Group Think
By Roy D. Follendore III
Copyright (c)2003 by RDFollendoreIII
January 26, 2003
What is perhaps most interesting about our technical security perspective is that our biased opinions affect the way that we make security decisions so that as a group there is no one perspective which is absolutely correct in all situations. When we are able to accept, understand and begin to operate on the wisdom of this knowledge we will be on the best path for our organization. The point is that a serious study of technical security involves far more than the study of how security techniques are done, it is a sociological study of individuals as part of organizations performing those techniques and responding with respect to each other in context with the environment. Perfectly viable security techniques become nothing more than probable guesses unless aspect of security is clearly understood and acted upon.
The fact is that as leaders, when we choose the membership of our security engineering teams we are actually predicating the engineering decisions that are to be made. The simple truth is that the concept of security exists within a stochastic universe. It is fine that an individual may see the advantages and opportunities of a particular way of approaching security. But that leader should also see the limits and disadvantages of his own perspectives. What is not good is to pack the membership of a security organization with philosophically like minded individuals.
Diversity of thinking is critical to the ability of organizations to think their way out of security problems before those problems become catastrophic. However, diversity of thinking does not necessarily prevent security problems from becoming critical. Excellence in security leadership requires a sensitive and intelligent touch with respect to the security organization and the security environment.
To understand more about the importance of this subject read Benefit of Doubt.
Copyright (c) 2001-2007 RDFollendoreIII All Rights Reserved